Allaire ColdFusion Remote File Display, Deletion, Upload and Execution Vulnerability

Bugtraq ID:	115
Class:	Origin Validation Error
CVE:	CAN-1999-0455 CAN-1999-0477
Remote:	Yes
Local:	Yes
Published:	Dec 25 1998 12:00AM
Updated:	Dec 25 1998 12:00AM
Credit:	rain.forest.puppy <rfpuppy@iname.com> made public the ability to display and delete any file on the system in Phrack Issue 54 Article 8. kklinsky@themerge.com made public the ability to upload and execute arbitrary ColdFusion files in a L0pht advisory. Ad
Vulnerable:	Allaire ColdFusion Server 4.0 Allaire ColdFusion Server 3.1.2 Allaire ColdFusion Server 3.1.1 Allaire ColdFusion Server 3.1 Allaire ColdFusion Server 3.0.1 Allaire ColdFusion Server 3.0 Allaire ColdFusion Server 2.0

Not Vulnerable:	Allaire ColdFusion Server 4.0.1