CVE-1999-1124
Published Dec 31, 1999
Last updated 16 years ago
Overview
- Description
- HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allaire:coldfusion:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DA88352-88EF-48A1-A50B-572C78A090A6"
}
],
"operator": "OR"
}
]
}
]