Unrated severityNVD Advisory· Published Dec 31, 2006· Updated Apr 23, 2026
CVE-2006-5858
CVE-2006-5858
Description
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
Affected products
2- cpe:2.3:a:adobe:jrun:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.adobe.com/support/security/bulletins/apsb07-02.htmlnvdPatchVendor Advisory
- secunia.com/advisories/23668nvdThird Party Advisory
- securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/457799/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/21978nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2007/0116nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/31411nvdThird Party AdvisoryVDB Entry
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvdBroken Link
- osvdb.org/32123nvdBroken Link
News mentions
0No linked articles in our index yet.