Lucene search

Macromedia Coldfusion

10 matches found

added 2007/10/24 11:0 p.m. | 74 views

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.

CVSS 5 | AI score 6.5 | EPSS 0.01498

added 2005/04/21 4:0 a.m. | 63 views

CVE-2004-0928

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

CVSS 5 | AI score 6.9 | EPSS 0.28178

added 2005/07/14 4:0 a.m. | 41 views

CVE-2002-1992

Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.

CVSS 5 | AI score 7.3 | EPSS 0.05666

added 2005/08/16 4:0 a.m. | 41 views

CVE-2004-2331

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

CVSS 5.5 | AI score 6.6 | EPSS 0.00013

added 2005/05/10 4:0 a.m. | 39 views

CVE-2004-1815

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

CVSS 5 | AI score 6.7 | EPSS 0.08586

added 2005/10/25 4:0 a.m. | 37 views

CVE-2004-2505

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

CVSS 5 | AI score 7.1 | EPSS 0.21884

added 2005/12/19 3:47 a.m. | 37 views

CVE-2005-4343

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

CVSS 5 | AI score 7.3 | EPSS 0.01472

added 2006/05/15 4:6 p.m. | 36 views

CVE-2006-2364

Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an ...

CVSS 5.8 | AI score 5.7 | EPSS 0.00248

added 2005/05/02 4:0 a.m. | 34 views

CVE-2005-1022

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.

CVSS 5 | AI score 6.9 | EPSS 0.00232

added 2005/08/16 4:0 a.m. | 26 views

CVE-2004-2330

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.

CVSS 5 | AI score 7 | EPSS 0.05382