CVE-2004-0928

Currently unrated

Key Information:

Vendor: Hitachi
Status: Cosminexus Enterprise; Jrun; Coldfusion; Cosminexus Server
Vendor: CVE Published:; 5 October 2004

Summary

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

References

http://marc.info/?l=bugtraq&m=109621995623823&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/12647/

third-party-advisoryx_refsource_SECUNIA

http://www.kb.cert.org/vuls/id/977440

third-party-advisoryx_refsource_CERT-VN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2004
Vulnerability Reserved
Oct 4, 2004