exploitDog

CVE-2001-0535

Опубликовано: 30 окт. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Ссылки

http://www.allaire.com/Handlers/index.cfm?ID=21700
Vendor Advisory
http://xforce.iss.net/alerts/advise92.php
Vendor Advisory
http://www.allaire.com/Handlers/index.cfm?ID=21700
Vendor Advisory
http://xforce.iss.net/alerts/advise92.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:macromedia:coldfusion_server:4.x:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00749

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-4pfw-m3q5-m9v8

github

почти 4 года назад

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

EPSS

Процентиль: 73%

0.00749

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other