Vulnerability CVE-2005-4342


Published: 2005-12-18   Modified: 2012-02-12

Description:
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Macromedia -> Coldfusion 

 References:
http://www.securityfocus.com/bid/15904
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
http://securitytracker.com/id?1015369
http://secunia.com/advisories/18078
http://www.vupen.com/english/advisories/2005/2948

Copyright 2024, cxsecurity.com

 

Back to Top