Vulnerabilities > CVE-2001-0535 - Unspecified vulnerability in Macromedia Coldfusion Server 4.X

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

macromedia

NVD

Published: 2001-10-30

Updated: 2024-11-20

Summary

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion Server 4.X	1

References

http://www.allaire.com/Handlers/index.cfm?ID=21700
http://www.allaire.com/Handlers/index.cfm?ID=21700
http://xforce.iss.net/alerts/advise92.php
http://xforce.iss.net/alerts/advise92.php