CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
86.0%
A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host.
A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorized read and delete access to files on the target host. For more information on this vulnerability and versions affected, please see the Macromedia Product Security Bulletin (MPSB01-07).
An attacker can cause the ColdFusion server to retrieve or delete arbitrary files accessible to the ColdFusion server process. This vulnerability may allow an attacker to disclose confidential information and/or destroy data on the target host. Note that this attack does not depend on how the targeted site’s ColdFusion application is coded in the ColdFusion Markup Language (CFML).
Apply the following patches available from Allaire:
Windows Editions
Solairs Editions
Linux Editions
HP-UX Editions
135531
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 11, 2001 Updated: July 30, 2001
Affected
Please see <http://www.allaire.com/handlers/index.cfm?id=21566>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23135531 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported to the CERT/CC by Macromedia on July 11, 2001.
This document was written by Ian A. Finlay.
CVE IDs: | CVE-2001-1120 |
---|---|
Severity Metric: | 18.98 Date Public: |