CVE-2001-0535

Published Oct 30, 2001

Last updated 16 years ago

Overview

Description: Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:macromedia:coldfusion_server:4.x:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "078E31C5-CF25-4BAA-A249-438C50CA0F5F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References