Lucene search

MitreCVE-2004-2204

HistoryJul 10, 2005 - 4:00 a.m.

CVE-2004-2204

2005-07-1004:00:00

mitre

web.nvd.nist.gov

cve-2004-2204

macromedia

coldfusion mx

application server

unauthorized activities

administrative passwords

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

25.6%

JSON

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Affected configurations

Nvd

Node

macromediacoldfusionMatch6.0

macromediacoldfusionMatch6.1

VendorProductVersionCPE
macromediacoldfusion6.0cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
macromediacoldfusion6.1cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	coldfusion	6.0	cpe:2.3:a:macromedia:coldfusion:6.0:::::::*
macromedia	coldfusion	6.1	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*

References

secunia.com/advisories/12693

www.macromedia.com/devnet/security/security_zone/mpsb04-10.html

www.osvdb.org/10718

www.securityfocus.com/archive/1/377213

www.securityfocus.com/bid/11364

exchange.xforce.ibmcloud.com/vulnerabilities/17567

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

25.6%

JSON

Related for CVE-2004-2204