Authentication Bypass Vulnerability in JRun 4.0 and ColdFusion MX by Macromedia
CVE-2004-0928

Currently unrated

Key Information:

Vendor: Hitachi
Status: Cosminexus Enterprise; Jrun; Coldfusion; Cosminexus Server
Vendor: CVE Published:; 5 October 2004

Summary

An authentication bypass vulnerability exists in the Microsoft IIS Connector for JRun 4.0 and Macromedia ColdFusion MX 6.0 and 6.1. This issue allows remote attackers to bypass authentication mechanisms, enabling them to access sensitive files such as .asp, .pl, and .php via specially crafted HTTP requests. This could lead to unauthorized exposure of critical application files, potentially compromising the integrity and confidentiality of the server.

References

http://marc.info/?l=bugtraq&m=109621995623823&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/12647/

third-party-advisoryx_refsource_SECUNIA

http://www.kb.cert.org/vuls/id/977440

third-party-advisoryx_refsource_CERT-VN

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2004
Vulnerability Reserved
Oct 4, 2004