Описание
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:allaire:coldfusion_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:3.01:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:3.11:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:3.12:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06853
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
EPSS
Процентиль: 91%
0.06853
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other