Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0535

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0535
Last Modified 05 Sep 2008 04:24:20
Published 30 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0535

Summary

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Vulnerable Systems

Application

  • Macromedia Coldfusion Server 4.x


References

ISS - 20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications

ALLAIRE - MPSB01-08


Last Updated: 27 May 2016 10:36:18