Allaire ColdFusion Remote File Display, Deletion, Upload and Execution Vulnerability

Bugtraq ID: 115
Class: Origin Validation Error
CVE: CVE-1999-0455, CVE-1999-0477
Remote: Yes
Local: Yes
Published: Dec 25 1998 12:00AM
Updated: Jul 11 2009 12:16AM
Credit: rain.forest.puppy <rfpuppy@iname.com> made public the ability to display and delete any file on the system in Phrack Issue 54 Article 8. kklinsky@themerge.com made public the ability to upload and execute arbitrary ColdFusion files in a L0pht advisory. Ad
Vulnerable:
  Allaire ColdFusion Server 4.0
  Allaire ColdFusion Server 3.1.2
  Allaire ColdFusion Server 3.1.1
  Allaire ColdFusion Server 3.1
  Allaire ColdFusion Server 3.0.1
  Allaire ColdFusion Server 3.0
  Allaire ColdFusion Server 2.0
Not Vulnerable: Allaire ColdFusion Server 4.0.1


 

Copyright 2010, SecurityFocus