CVE-2004-0928 - The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows r

CVE-2004-0928

Summary

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

References

Vulnerable Configurations

cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	11245
bugtraq	20040923 New Macromedia Security Zone Bulletins Posted
cert-vn	VU#977440
confirm	http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
idefense	20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure
secunia	12638 12647
xf	coldfusion-jrun-restriction-bypass(17484)

saint via4

bid	11245
description	JRun mod_jrun WriteToLog buffer overflow
osvdb	10546
title	jrun_writetolog_bo
type	remote

Last major update

11-07-2017 - 01:30

Published

05-10-2004 - 04:00

Last modified

11-07-2017 - 01:30