PT-2001-1739 · Adobe · Coldfusion Server

Published: 2001-10-12 · Updated: 2008-09-05 · CVE-2001-0535

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ColdFusion Server versions 4.x
Description: The issue allows remote attackers to upload, read, or execute files by spoofing the HTTP Host (CGI.Host) variable in example scripts, specifically in the Web Publish and Email example scripts. This is due to improper restriction of access from outside the local host's domain.
Recommendations: For ColdFusion Server version 4.x, restrict access to the Web Publish and Email example scripts to prevent remote attackers from spoofing the HTTP Host (CGI.Host) variable. As a temporary workaround, consider disabling the Web Publish and Email example scripts until a proper fix is applied.


Related identifiers

CVE-2001-0535

Affected products

Coldfusion Server