File Disclosure Vulnerability in Adobe ColdFusion and JRun on Microsoft IIS
CVE-2006-5858

Currently unrated

Key Information:

Vendor

Adobe
Status
Coldfusion
Jrun
Vendor
CVE Published:
31 December 2006

What is CVE-2006-5858?

Adobe ColdFusion MX 7 up to 7.0.2 and JRun 4, when configured on Microsoft IIS, are susceptible to a security vulnerability that permits unauthorized remote attackers to read arbitrary files. This exploitation can occur through a manipulation involving a double URL-encoded NULL byte in the ColdFusion filename, such as that of a CFM file. Consequently, attackers may gain access to sensitive information, including source code and directory structures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.adobe.com/support/security/bulletins/apsb07-02...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/457799/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/23668
third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.