Coldfusion
by Macromedia
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1815 | 0.00 | — | 0.02 | Mar 15, 2004 | Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | |||
| CVE-2002-1992 | 0.00 | — | 0.02 | Dec 31, 2002 | Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. | |||
| CVE-2002-1309 | 0.00 | — | 0.02 | Nov 29, 2002 | Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | |||
| CVE-2002-0576 | 0.00 | — | 0.03 | Jun 18, 2002 | ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. | |||
| CVE-2001-1514 | 0.00 | — | 0.01 | Dec 31, 2001 | ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed… | |||
| CVE-2001-0535 | 0.00 | — | 0.02 | Oct 30, 2001 | Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web… | |||
| CVE-2001-1427 | 0.00 | — | 0.02 | Jul 11, 2001 | Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. |
- CVE-2004-1815Mar 15, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
- CVE-2002-1992Dec 31, 2002risk 0.00cvss —epss 0.02
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
- CVE-2002-1309Nov 29, 2002risk 0.00cvss —epss 0.02
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
- CVE-2002-0576Jun 18, 2002risk 0.00cvss —epss 0.03
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
- CVE-2001-1514Dec 31, 2001risk 0.00cvss —epss 0.01
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed…
- CVE-2001-0535Oct 30, 2001risk 0.00cvss —epss 0.02
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web…
- CVE-2001-1427Jul 11, 2001risk 0.00cvss —epss 0.02
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
Page 2 of 2