CVE-2001-0535
Summary
| CVE | CVE-2001-0535 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2001-10-30 05:00:00 UTC |
| Updated | 2008-09-05 20:24:00 UTC |
| Description | Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Macromedia | Coldfusion Server | 4.x | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications | ISS | xforce.iss.net | Vendor Advisory |
| Redirecting to http://www.macromedia.com/v1/handlers/index.cfm?ID=21700 | ALLAIRE | www.allaire.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.