Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
BID:13060
Info
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
| Bugtraq ID: | 13060 |
| Class: | Design Error |
| CVE: |
CVE-2005-1022 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 07 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Sean Waddell is credited with the discovery of this issue. |
| Vulnerable: |
Macromedia ColdFusion Server MX 6.1 |
| Not Vulnerable: | |
Discussion
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
A remote file disclosure vulnerability affects Macromedia ColdFusion MX. The problem presents itself due to a design error that causes potentially sensitive files to be stored in insecure locations.
An attacker may leverage this issue to gain access to compiled Java class files processed by the affected application server. This may facilitate further attacks and application code disclosure.
A remote file disclosure vulnerability affects Macromedia ColdFusion MX. The problem presents itself due to a design error that causes potentially sensitive files to be stored in insecure locations.
An attacker may leverage this issue to gain access to compiled Java class files processed by the affected application server. This may facilitate further attacks and application code disclosure.
Exploit / POC
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
Solution:
The vendor has reported that this issue will be resolved in the next release of the affected Updater. This BID will be updated as details are released.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
The vendor has reported that this issue will be resolved in the next release of the affected Updater. This BID will be updated as details are released.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability
References:
References: