CVE-2005-4343

Опубликовано: 19 дек. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

Ссылки

http://secunia.com/advisories/18078
Patch
Vendor Advisory
http://securitytracker.com/id?1015369
Patch
Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
Patch
http://www.securityfocus.com/bid/15904
Patch
http://www.vupen.com/english/advisories/2005/2948
http://secunia.com/advisories/18078
Patch
Vendor Advisory
http://securitytracker.com/id?1015369
Patch
Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
Patch
http://www.securityfocus.com/bid/15904
Patch
http://www.vupen.com/english/advisories/2005/2948

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01472

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gvph-v5gg-8pcr

github

почти 4 года назад