Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2331

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-2331
Last Modified 05 Sep 2008 04:43:50
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2331

Summary

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

Vulnerable Systems

Application

  • Macromedia Coldfusion 6.1


References

XF - coldfusion-mx-sandbox-bypass(14984)

BID - 9521

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html

SECUNIA - 10743


Last Updated: 27 May 2016 10:39:26