CVE-2004-0928 | Vulnerability Database | Aqua Security

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ;.cfm.

Affected Software

Name	Vendor	Start Version	End Version
Cosminexus_enterprise	Hitachi	01_01_1 (including)	01_01_1 (including)
Cosminexus_enterprise	Hitachi	01_02_2 (including)	01_02_2 (including)
Cosminexus_server	Hitachi	web_01-01_1 (including)	web_01-01_1 (including)
Cosminexus_server	Hitachi	web_01-01_2 (including)	web_01-01_2 (including)
Coldfusion	Macromedia	6.0 (including)	6.0 (including)
Coldfusion	Macromedia	6.1 (including)	6.1 (including)
Jrun	Macromedia	3.0 (including)	3.0 (including)
Jrun	Macromedia	3.1 (including)	3.1 (including)
Jrun	Macromedia	4.0 (including)	4.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2
http://secunia.com/advisories/12638/
http://secunia.com/advisories/12647/
http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities
http://www.kb.cert.org/vuls/id/977440
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
http://www.securityfocus.com/bid/11245
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0928
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html