Known Vulnerabilities for Coldfusion by Macromedia
Listed below are 10 of the newest known vulnerabilities associated with "Coldfusion" by "Macromedia".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data), as well as a keyword search, to ensure that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2006-3979 | The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI inst... | 7.2 - HIGH | 2006-08-09 | 2017-07-20 |
| CVE-2006-2364 | Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attac... | 5.8 - MEDIUM | 2006-05-15 | 2017-07-20 |
| CVE-2005-4345 | Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows loc... | 7.2 - HIGH | 2005-12-19 | 2011-03-08 |
| CVE-2005-4344 | Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which... | 2.1 - LOW | 2005-12-19 | 2011-03-08 |
| CVE-2005-4343 | Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files ... | 5 - MEDIUM | 2005-12-19 | 2011-03-08 |
| CVE-2005-4342 | ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception ... | 7.5 - HIGH | 2005-12-19 | 2011-03-08 |
| CVE-2005-2306 | Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate au... | 3.7 - LOW | 2005-07-19 | 2008-09-05 |
| CVE-2005-1555 | Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitr... | 4.3 - MEDIUM | 2005-05-10 | 2017-07-11 |
| CVE-2005-1022 | ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote... | 5 - MEDIUM | 2005-05-02 | 2016-10-18 |
| CVE-2004-0407 | The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows re... | 2.6 - LOW | 2004-06-01 | 2017-07-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Macromedia | Coldfusion | 7.02 | All | All | All |
| Application | Macromedia | Coldfusion | 7.0 | All | All | All |
| Application | Macromedia | Coldfusion | 6.1 | All | All | All |
| Application | Macromedia | Coldfusion | 6.0 | All | All | All |
| Application | Macromedia | Coldfusion | 5.0 | All | All | All |
| Application | Macromedia | Coldfusion | 4.5.1 | sp2 | All | All |
| Application | Macromedia | Coldfusion | 4.5.1 | sp1 | All | All |
| Application | Macromedia | Coldfusion | 4.5.1 | All | All | All |
| Application | Macromedia | Coldfusion | 4.5 | All | All | All |
| Application | Macromedia | Coldfusion | 4.0.1 | All | All | All |
| Application | Macromedia | Coldfusion | 4.0 | All | All | All |
| Application | Macromedia | Coldfusion | 3.1.2 | All | All | All |
| Application | Macromedia | Coldfusion | 3.1.1 | All | All | All |
| Application | Macromedia | Coldfusion | 3.1 | All | All | All |
| Application | Macromedia | Coldfusion | 3.0.1 | All | All | All |
| Application | Macromedia | Coldfusion | 3.0 | All | All | All |
| Application | Macromedia | Coldfusion | 2.0 | All | All | All |
| Application | Macromedia | Coldfusion | - | All | All | All |