Vulnerability CVE-2004-0928


Published: 2004-10-05   Modified: 2012-02-12

Description:
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Macromedia -> Coldfusion 
Macromedia -> JRUN 
Hitachi -> Cosminexus enterprise 
Hitachi -> Cosminexus server 

 References:
http://marc.info/?l=bugtraq&m=109621995623823&w=2
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
http://www.kb.cert.org/vuls/id/977440
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
http://www.securityfocus.com/bid/11245
http://xforce.iss.net/xforce/xfdb/17484

Copyright 2024, cxsecurity.com

 

Back to Top