High

CVE-2005-4342 - Unspecified vulnerability in Macromedia Coldfusion

Publication: 2005-12-19
Summary

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Macromedia Coldfusion 6.0
  • Macromedia Coldfusion 6.1
  • Macromedia Coldfusion 6.1
  • Macromedia Coldfusion 6.1
  • Macromedia Coldfusion 7.0