CVE Vulnerabilities

CVE-2001-0535

Published: Oct 30, 2001 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local hosts domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the HTTP Host (CGI.Host) variable in (1) the Web Publish example script, and (2) the Email example script.

Affected Software

Name Vendor Start Version End Version
Coldfusion_server Macromedia 4.x 4.x

References