PT-2001-1739 · Adobe · ColdFusion Server

Published: 2001-10-12 · Updated: 2008-09-05 · CVE-2001-0535

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ColdFusion Server versions 4.x
Description: The issue allows remote attackers to upload, read, or execute files by spoofing the HTTP Host (CGI.Host) variable in example scripts, specifically in the Web Publish and Email example scripts. This is due to improper restriction of access from outside the local host's domain.
Recommendations: For ColdFusion Server version 4.x, restrict access to the Web Publish and Email example scripts to prevent remote attackers from spoofing the HTTP Host (CGI.Host) variable. As a temporary workaround, consider disabling the Web Publish and Email example scripts until a proper fix is applied.

Fix

Related Identifiers

CVE-2001-0535

Affected Products

ColdFusion Server