Unrated severityNVD Advisory· Published Oct 30, 2001· Updated Jun 16, 2026
CVE-2001-0535
CVE-2001-0535
Description
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
Affected products
2- cpe:2.3:a:macromedia:coldfusion_server:4.x:*:*:*:*:*:*:*
- Range: 4.x
Patches
Vulnerability mechanics
References
2- www.allaire.com/Handlers/index.cfmnvdVendor Advisory
- xforce.iss.net/alerts/advise92.phpnvdVendor Advisory
News mentions
0No linked articles in our index yet.