CVE-2007-1874

Sažetak

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510
http://osvdb.org/34930
http://secunia.com/advisories/24850
http://www.adobe.com/support/security/bulletins/apsb07-08.html
http://www.securityfocus.com/bid/23405
http://www.securitytracker.com/id?1017899
http://www.vupen.com/english/advisories/2007/1341
https://exchange.xforce.ibmcloud.com/vulnerabilities/33571

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:31

Objavljeno

11-04-2007 - 22:19