Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-0928
Last Modified: 05 Sep 2008 04:39:49
Published: 05 Oct 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0928

Summary

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

Vulnerable Systems

Application

  • Hitachi Cosminexus Enterprise 01 01 1

  • Hitachi Cosminexus Enterprise 01 02 2

  • Hitachi Cosminexus Server Web 01-01 1

  • Hitachi Cosminexus Server Web 01-01 2

  • Macromedia ColdFusion 6.0

  • Macromedia ColdFusion 6.1

  • Macromedia JRun 3.0

  • Macromedia JRun 3.1

  • Macromedia JRun 4.0


References

CERT-VN - VU#977440

XF - coldfusion-jrun-restriction-bypass(17484)

BID - 11245

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

IDEFENSE - 20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure

SECUNIA - 12647

SECUNIA - 12638

BUGTRAQ - 20040923 New Macromedia Security Zone Bulletins Posted


Last Updated: 27 May 2016 10:38:48