CVE Vulnerabilities

CVE-2004-0928

Published: Oct 05, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ;.cfm.

Affected Software

Name Vendor Start Version End Version
Cosminexus_enterprise Hitachi 01_01_1 01_01_1
Cosminexus_enterprise Hitachi 01_01_1 01_01_1
Cosminexus_enterprise Hitachi 01_02_2 01_02_2
Cosminexus_enterprise Hitachi 01_02_2 01_02_2
Cosminexus_server Hitachi web_01-01_1 web_01-01_1
Cosminexus_server Hitachi web_01-01_2 web_01-01_2
Coldfusion Macromedia 6.0 6.0
Coldfusion Macromedia 6.1 6.1
Jrun Macromedia 3.0 3.0
Jrun Macromedia 3.1 3.1
Jrun Macromedia 4.0 4.0

References