Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-2047
Last Modified 07 Mar 2011 09:34:52
Published 26 Apr 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2047

Summary

Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.

Vulnerable Systems

Application

  • Application Dynamics Cartweaver ColdFusion 2.16.11


References

VUPEN - ADV-2006-1513

XF - cartweaver-multiple-path-disclosure(26061)

OSVDB - 24964

OSVDB - 24963

SECUNIA - 19812

MISC - http://pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html


Last Updated: 27 May 2016 10:42:18