Search criteria
42 vulnerabilities found for coldfusion_server by allaire
CVE-2002-0576 (GCVE-0-2002-0576)
Vulnerability from cvelistv5 ā Published: 2003-04-02 05:00 ā Updated: 2024-08-08 02:56
VLAI?
Summary
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4542",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4542",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3337"
},
{
"name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0576",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1120 (GCVE-0-2001-1120)
Vulnerability from cvelistv5 ā Published: 2002-03-15 05:00 ā Updated: 2024-08-08 04:44
VLAI?
Summary
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"name": "http://www.allaire.com/handlers/index.cfm?id=21566",
"refsource": "CONFIRM",
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/135531"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1120",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0756 (GCVE-0-1999-0756)
Vulnerability from cvelistv5 ā Published: 2001-09-18 04:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-07",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-07",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-07",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0756",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0760 (GCVE-0-1999-0760)
Vulnerability from cvelistv5 ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0760",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0922 (GCVE-0-1999-0922)
Vulnerability from cvelistv5 ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0922",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0924 (GCVE-0-1999-0924)
Vulnerability from cvelistv5 ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0924",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0757 (GCVE-0-1999-0757)
Vulnerability from cvelistv5 ā Published: 2001-02-14 05:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-08",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-08",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-08",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0757",
"datePublished": "2001-02-14T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0923 (GCVE-0-1999-0923)
Vulnerability from cvelistv5 ā Published: 2001-02-14 05:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0923",
"datePublished": "2001-02-14T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0538 (GCVE-0-2000-0538)
Vulnerability from cvelistv5 ā Published: 2000-10-13 04:00 ā Updated: 2024-08-08 05:21
VLAI?
Summary
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0538",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0410 (GCVE-0-2000-0410)
Vulnerability from cvelistv5 ā Published: 2000-07-12 04:00 ā Updated: 2024-08-08 05:14
VLAI?
Summary
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0410",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0576 (GCVE-0-2002-0576)
Vulnerability from nvd ā Published: 2003-04-02 05:00 ā Updated: 2024-08-08 02:56
VLAI?
Summary
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4542",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4542",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4542"
},
{
"name": "20020418 KPMG-2002013: Coldfusion Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"name": "coldfusion-dos-device-path-disclosure(8866)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"name": "20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"name": "3337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3337"
},
{
"name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0576",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1120 (GCVE-0-2001-1120)
Vulnerability from nvd ā Published: 2002-03-15 05:00 ā Updated: 2024-08-08 04:44
VLAI?
Summary
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3018",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3018",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3018"
},
{
"name": "coldfusion-unauthorized-file-access(6839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"name": "20010712 New Cold Fusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"name": "http://www.allaire.com/handlers/index.cfm?id=21566",
"refsource": "CONFIRM",
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"name": "VU#135531",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/135531"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1120",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0756 (GCVE-0-1999-0756)
Vulnerability from nvd ā Published: 2001-09-18 04:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-07",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-07",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-07",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"name": "coldfusion-admin-dos(2207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0756",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0760 (GCVE-0-1999-0760)
Vulnerability from nvd ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/550"
},
{
"name": "ASB99-10",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"name": "coldfusion-server-cfml-tags(3288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0760",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0922 (GCVE-0-1999-0922)
Vulnerability from nvd ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0922",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0924 (GCVE-0-1999-0924)
Vulnerability from nvd ā Published: 2001-05-07 04:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"name": "coldfusion-syntax-checker(1742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"name": "3236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0924",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0757 (GCVE-0-1999-0757)
Vulnerability from nvd ā Published: 2001-02-14 05:00 ā Updated: 2024-08-01 16:48
VLAI?
Summary
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-08",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-08",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-08",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0757",
"datePublished": "2001-02-14T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0923 (GCVE-0-1999-0923)
Vulnerability from nvd ā Published: 2001-02-14 05:00 ā Updated: 2024-08-01 16:55
VLAI?
Summary
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ASB99-02",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0923",
"datePublished": "2001-02-14T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0538 (GCVE-0-2000-0538)
Vulnerability from nvd ā Published: 2000-10-13 04:00 ā Updated: 2024-08-08 05:21
VLAI?
Summary
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE",
"x_transferred"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"tags": [
"vendor-advisory",
"x_refsource_ALLAIRE"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000607 New Allaire ColdFusion DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"name": "coldfusion-parse-dos(4611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"name": "3399",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3399"
},
{
"name": "ASB00-14",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"name": "1314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0538",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0410 (GCVE-0-2000-0410)
Vulnerability from nvd ā Published: 2000-07-12 04:00 ā Updated: 2024-08-08 05:14
VLAI?
Summary
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"name": "1192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0410",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2002-0576
Vulnerability from fkie_nvd - Published: 2002-06-18 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.0 | |
| allaire | coldfusion_server | 4.5 | |
| allaire | coldfusion_server | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "292DA1C8-5B98-4552-B51B-B0C3F230321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35039D6D-B761-4079-BF53-FF0770D76909",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message."
}
],
"id": "CVE-2002-0576",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-06-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3337"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/268263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8866.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-1120
Vulnerability from fkie_nvd - Published: 2001-07-11 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 2.0 | |
| allaire | coldfusion_server | 3.0 | |
| allaire | coldfusion_server | 3.0.1 | |
| allaire | coldfusion_server | 3.1 | |
| allaire | coldfusion_server | 3.1.1 | |
| allaire | coldfusion_server | 3.1.2 | |
| allaire | coldfusion_server | 4.0 | |
| allaire | coldfusion_server | 4.0.1 | |
| allaire | coldfusion_server | 4.5 | |
| allaire | coldfusion_server | 4.5.1 | |
| allaire | coldfusion_server | 4.5.1_sp1 | |
| allaire | coldfusion_server | 4.5.1_sp2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE00F45E-C410-4268-B0EC-18B4043E6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5B124-A5C2-4B24-8091-FF9863D17BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72ADE8ED-2A3D-45A2-B009-EBDE19372757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC21856A-F57F-4C34-8276-5880B57A2DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48996949-448E-457A-B288-4CDD0490FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BC7A2B-455E-42DF-89E5-FB0B0D14139C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3630623B-468C-4E71-9C57-EFF83E5EFA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "292DA1C8-5B98-4552-B51B-B0C3F230321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA98847-8A14-409C-86E8-C7652E5ECF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5.1_sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "A52C6951-19F6-48EA-93C6-53A12701D88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5.1_sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5FCF6E-BD98-47E1-A39D-4725F2581D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates."
}
],
"id": "CVE-2001-1120",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.allaire.com/handlers/index.cfm?id=21566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/135531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/196452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0922
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file."
}
],
"id": "CVE-1999-0922",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0756
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.0 | |
| allaire | coldfusion_server | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3630623B-468C-4E71-9C57-EFF83E5EFA4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility."
}
],
"id": "CVE-1999-0756",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10968\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2207"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0757
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF3D3BC-7BE5-4DD5-8FEA-AD65C32404C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
],
"id": "CVE-1999-0757",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0924
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service."
}
],
"id": "CVE-1999-0924",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3236"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0760
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 2.0 | |
| allaire | coldfusion_server | 3.0 | |
| allaire | coldfusion_server | 3.0.1 | |
| allaire | coldfusion_server | 3.1 | |
| allaire | coldfusion_server | 3.1.1 | |
| allaire | coldfusion_server | 3.1.2 | |
| allaire | coldfusion_server | 4.0 | |
| allaire | coldfusion_server | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE00F45E-C410-4268-B0EC-18B4043E6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5B124-A5C2-4B24-8091-FF9863D17BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72ADE8ED-2A3D-45A2-B009-EBDE19372757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC21856A-F57F-4C34-8276-5880B57A2DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48996949-448E-457A-B288-4CDD0490FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BC7A2B-455E-42DF-89E5-FB0B0D14139C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3630623B-468C-4E71-9C57-EFF83E5EFA4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges."
}
],
"id": "CVE-1999-0760",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.allaire.com/handlers/index.cfm?ID=11714\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3288"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-0923
Vulnerability from fkie_nvd - Published: 2001-03-12 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls."
}
],
"id": "CVE-1999-0923",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=8739\u0026Method=Full"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2000-0538
Vulnerability from fkie_nvd - Published: 2000-06-07 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 2.0 | |
| allaire | coldfusion_server | 3.0 | |
| allaire | coldfusion_server | 3.01 | |
| allaire | coldfusion_server | 3.1 | |
| allaire | coldfusion_server | 3.11 | |
| allaire | coldfusion_server | 3.12 | |
| allaire | coldfusion_server | 4.0 | |
| allaire | coldfusion_server | 4.0.1 | |
| allaire | coldfusion_server | 4.5 | |
| allaire | coldfusion_server | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE00F45E-C410-4268-B0EC-18B4043E6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB5B124-A5C2-4B24-8091-FF9863D17BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A32F27D3-0ECD-49BB-B32F-2F531DE6836D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC21856A-F57F-4C34-8276-5880B57A2DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9646F809-1016-49AD-B60A-481CDB7D5ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "926AAAD1-68C5-4816-B387-8B1BB4E9E1C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C334CA02-D4EC-40D0-B75F-AFBC0F3903E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3630623B-468C-4E71-9C57-EFF83E5EFA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "292DA1C8-5B98-4552-B51B-B0C3F230321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA98847-8A14-409C-86E8-C7652E5ECF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
}
],
"id": "CVE-2000-0538",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3399"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1314"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=96045469627806\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.allaire.com/handlers/index.cfm?ID=16122\u0026Method=Full"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2000-0410
Vulnerability from fkie_nvd - Published: 2000-05-10 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| allaire | coldfusion_server | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion_server:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA98847-8A14-409C-86E8-C7652E5ECF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory."
}
],
"id": "CVE-2000-0410",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-05-10T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026A2=ind0005\u0026L=ntbugtraq\u0026F=\u0026S=\u0026P=4843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}