CVE-2004-0928

Sažetak

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

Reference

http://marc.info/?l=bugtraq&m=109621995623823&w=2
http://secunia.com/advisories/12638/
http://secunia.com/advisories/12647/
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
http://www.kb.cert.org/vuls/id/977440
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
http://www.securityfocus.com/bid/11245
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

05-10-2004 - 04:00