ColdFusion Sample Application Command Execution Vulnerability

Bugtraq ID:	3154
Class:	Input Validation Error
CVE:	CVE-2001-0535
Remote:	Yes
Local:	No
Published:	Aug 07 2001 12:00AM
Updated:	Jul 11 2009 07:56AM
Credit:	Discovered and posted to Bugtraq by ISS XForce <xforce@iss.net> on Aug 7, 2001.
Vulnerable:	Allaire ColdFusion Server 4.5.1 SP2 Allaire ColdFusion Server 4.5.1 SP1 Allaire ColdFusion Server 4.5.1 Allaire ColdFusion Server 4.5 - Cobalt Linux 5.0 - Cobalt Linux 5.0 - HP HP-UX 11.0 - HP HP-UX 11.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - RedHat Linux 7.0 - RedHat Linux 7.0 - S.u.S.E. Linux 7.0 - S.u.S.E. Linux 7.0 - Sun Solaris 8 - Sun Solaris 8 Allaire ColdFusion Server 4.0.1 Allaire ColdFusion Server 4.0

Not Vulnerable:	Allaire ColdFusion Server 5.0 - Cobalt Linux 5.0 - HP HP-UX 11.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - RedHat Linux 7.0 - S.u.S.E. Linux 7.0 - Sun Solaris 8