CVE-2006-5858

Currently unrated

Key Information:

Vendor: Adobe
Status: Coldfusion; Jrun
Vendor: CVE Published:; 31 December 2006

Summary

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

References

http://www.adobe.com/support/security/bulletins/apsb07-02...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/457799/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/23668

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 31, 2006
Vulnerability Reserved
Nov 10, 2006