Vulnerabilities > CVE-2001-0535 - Unspecified vulnerability in Macromedia Coldfusion Server 4.X

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

macromedia

NVD

Published: 2001-10-30

Updated: 2008-09-05

Summary

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion Server 4.X	1

References

http://www.allaire.com/Handlers/index.cfm?ID=21700
http://xforce.iss.net/alerts/advise92.php