Lucene search

MitreCVE-2004-0928

HistoryApr 21, 2005 - 4:00 a.m.

CVE-2004-0928

2005-04-2104:00:00

mitre

web.nvd.nist.gov

cve-2004-0928

microsoft

iis connector

jrun 4.0

macromedia

coldfusion mx 6.0

coldfusion mx 6.1

j2ee

remote attackers

authentication bypass

source files

http request

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.139

Percentile

95.7%

JSON

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in “;.cfm”.

Affected configurations

Nvd

Node

hitachicosminexus_enterpriseMatch01_01_1enterprise

hitachicosminexus_enterpriseMatch01_01_1standard

hitachicosminexus_enterpriseMatch01_02_2enterprise

hitachicosminexus_enterpriseMatch01_02_2standard

hitachicosminexus_serverMatchweb_01-01_1

hitachicosminexus_serverMatchweb_01-01_2

macromediacoldfusionMatch6.0

macromediacoldfusionMatch6.1

macromediajrunMatch3.0

macromediajrunMatch3.1

macromediajrunMatch4.0

VendorProductVersionCPE
hitachicosminexus_enterprise01_01_1cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
hitachicosminexus_enterprise01_01_1cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
hitachicosminexus_enterprise01_02_2cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
hitachicosminexus_enterprise01_02_2cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
hitachicosminexus_serverweb_01-01_1cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
hitachicosminexus_serverweb_01-01_2cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
macromediacoldfusion6.0cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
macromediacoldfusion6.1cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
macromediajrun3.0cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
macromediajrun3.1cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachi	cosminexus_enterprise	01_01_1	cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1::enterprise:::::
hitachi	cosminexus_enterprise	01_01_1	cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1::standard:::::
hitachi	cosminexus_enterprise	01_02_2	cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2::enterprise:::::
hitachi	cosminexus_enterprise	01_02_2	cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2::standard:::::
hitachi	cosminexus_server	web_01-01_1	cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:::::::*
hitachi	cosminexus_server	web_01-01_2	cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:::::::*
macromedia	coldfusion	6.0	cpe:2.3:a:macromedia:coldfusion:6.0:::::::*
macromedia	coldfusion	6.1	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*
macromedia	jrun	3.0	cpe:2.3:a:macromedia:jrun:3.0:::::::*
macromedia	jrun	3.1	cpe:2.3:a:macromedia:jrun:3.1:::::::*

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=109621995623823&w=2

secunia.com/advisories/12638/

secunia.com/advisories/12647/

www.idefense.com/application/poi/display?id=148&type=vulnerabilities

www.kb.cert.org/vuls/id/977440

www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

www.securityfocus.com/bid/11245

exchange.xforce.ibmcloud.com/vulnerabilities/17484

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.139

Percentile

95.7%

JSON

Related for CVE-2004-0928