Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1700

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2002-1700
Last Modified 15 Apr 2014 09:57:35
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1700

Summary

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

Application

  • Macromedia Coldfusion 6.0

  • Microsoft Internet Information Server 5.0


References

XF - coldfusion-missing-template-css(9360)

BID - 5011

CONFIRM - http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047


Last Updated: 27 May 2016 10:37:26