Vulnerability Note VU#135531
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview
A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host.
Description
A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorized read and delete access to files on the target host. For more information on this vulnerability and versions affected, please see the Macromedia Product Security Bulletin (MPSB01-07). |
Impact
An attacker can cause the ColdFusion server to retrieve or delete arbitrary files accessible to the ColdFusion server process. This vulnerability may allow an attacker to disclose confidential information and/or destroy data on the target host. Note that this attack does not depend on how the targeted site's ColdFusion application is coded in the ColdFusion Markup Language (CFML). |
Solution
Apply the following patches available from Allaire: Windows Editions |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Macromedia Inc. | Affected | 11 Jul 2001 | 30 Jul 2001 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
This vulnerability was reported to the CERT/CC by Macromedia on July 11, 2001.
This document was written by Ian A. Finlay.
Other Information
- CVE IDs: CAN-2001-1120
- Date Public: 11 Jul 2001
- Date First Published: 30 Jul 2001
- Date Last Updated: 09 Apr 2003
- Severity Metric: 18.98
- Document Revision: 24
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.