Unrated severityNVD Advisory· Published Oct 5, 2004· Updated Jun 16, 2026
CVE-2004-0928
CVE-2004-0928
Description
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*+ 3 more
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
- (no CPE)range: = 6.0, 6.1, 6.1 J2EE
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
- (no CPE)range: = 4.0
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/12638/nvdPatchVendor Advisory
- secunia.com/advisories/12647/nvdPatchVendor Advisory
- www.idefense.com/application/poi/displaynvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/977440nvdPatchThird Party AdvisoryUS Government Resource
- www.macromedia.com/devnet/security/security_zone/mpsb04-08.htmlnvdPatchVendor Advisory
- www.macromedia.com/devnet/security/security_zone/mpsb04-09.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/11245nvdPatchVendor Advisory
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17484nvd
News mentions
0No linked articles in our index yet.