Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4343

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4343
Last Modified 07 Mar 2011 09:28:01
Published 18 Dec 2005 10:47:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4343

Summary

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

Vulnerable Systems

Application

  • Macromedia Coldfusion 6.0

  • Macromedia Coldfusion 6.1

  • Macromedia Coldfusion 7.0


References

BID - 15904

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

SECTRACK - 1015369

SECUNIA - 18078

VUPEN - ADV-2005-2948


Last Updated: 27 May 2016 10:41:16