CVE-2002-0576

Опубликовано: 18 июн. 2002

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

Ссылки

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
http://online.securityfocus.com/archive/1/268263
http://www.iss.net/security_center/static/8866.php
Patch
Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Patch
Vendor Advisory
http://www.osvdb.org/3337
http://www.securityfocus.com/bid/4542
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
http://online.securityfocus.com/archive/1/268263
http://www.iss.net/security_center/static/8866.php
Patch
Vendor Advisory
http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Patch
Vendor Advisory
http://www.osvdb.org/3337
http://www.securityfocus.com/bid/4542
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*

cpe:2.3:a:allaire:coldfusion_server:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.0143

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7hpq-229x-2796

github

почти 4 года назад