Authentication Bypass Vulnerability in JRun 4.0 and ColdFusion MX by Macromedia
CVE-2004-0928

Currently unrated

Key Information:

Vendor

Hitachi
Status
Cosminexus Enterprise
Jrun
Coldfusion
Cosminexus Server
Vendor
CVE Published:
5 October 2004

What is CVE-2004-0928?

An authentication bypass vulnerability exists in the Microsoft IIS Connector for JRun 4.0 and Macromedia ColdFusion MX 6.0 and 6.1. This issue allows remote attackers to bypass authentication mechanisms, enabling them to access sensitive files such as .asp, .pl, and .php via specially crafted HTTP requests. This could lead to unauthorized exposure of critical application files, potentially compromising the integrity and confidentiality of the server.

References

http://marc.info/?l=bugtraq&m=109621995623823&w=2
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/12647/
third-party-advisoryx_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/977440
third-party-advisoryx_refsource_CERT-VN

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.