CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Allaire » Coldfusion Server » 4.0 : Security Vulnerabilities

Cpe Name:cpe:/a:allaire:coldfusion_server:4.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-0576 2002-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
2 CVE-2001-1120 2001-07-11 2017-12-18
6.4
None Remote Low Not required Partial Partial None
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
3 CVE-2000-0538 DoS 2000-06-07 2017-10-09
5.0
None Remote Low Not required None None Partial
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
4 CVE-2000-0189 2000-03-01 2008-09-10
5.0
None Remote Low Not required Partial None None
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
5 CVE-2000-0057 +Info 2000-01-04 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
6 CVE-1999-0924 DoS 2001-03-12 2017-10-09
5.0
None Remote Low Not required None None Partial
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
7 CVE-1999-0923 DoS 2001-03-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
8 CVE-1999-0922 2001-03-12 2008-09-09
5.0
None Remote Low Not required Partial None None
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
9 CVE-1999-0760 +Priv 2001-03-12 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
10 CVE-1999-0756 2001-03-12 2017-10-09
5.0
None Remote Low Not required None None Partial
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
11 CVE-1999-0477 1999-12-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
12 CVE-1999-0455 1999-12-25 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
Total number of vulnerabilities : 12   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.