Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2001-1514
HistoryJul 14, 2005 - 4:00 a.m.

CVE-2001-1514

2005-07-1404:00:00
mitre
web.nvd.nist.gov
24
coldfusion
cve-2001-1514
windows
security context failure
child processes
system account.

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to “operating system,” does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Affected configurations

Nvd
Node
macromediacoldfusionMatch4.5
OR
macromediacoldfusionMatch5.0
VendorProductVersionCPE
macromediacoldfusion4.5cpe:2.3:a:macromedia:coldfusion:4.5:*:*:*:*:*:*:*
macromediacoldfusion5.0cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
nvd
nvd
CVE-2001-1514
2001-12-31 05:00:00
cvelist
cvelist
CVE-2001-1514
2005-07-14 04:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON
Related for CVE-2001-1514
nvd1cvelist1