Unrated severityNVD Advisory· Published Oct 5, 2004· Updated Apr 16, 2026
CVE-2004-0928
CVE-2004-0928
Description
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Affected products
11cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*+ 3 more
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/12638/nvdPatchVendor Advisory
- secunia.com/advisories/12647/nvdPatchVendor Advisory
- www.idefense.com/application/poi/displaynvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/977440nvdPatchThird Party AdvisoryUS Government Resource
- www.macromedia.com/devnet/security/security_zone/mpsb04-08.htmlnvdPatchVendor Advisory
- www.macromedia.com/devnet/security/security_zone/mpsb04-09.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/11245nvdPatchVendor Advisory
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17484nvd
News mentions
0No linked articles in our index yet.