CVE-2004-0928

Name of the Vulnerable Software and Affected Versions: JRun version 4.0 Macromedia ColdFusion MX versions 6.0, 6.1, and 6.1 J2EE

Description: The issue allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

Recommendations: For JRun version 4.0, consider restricting access to sensitive files until a patch is available. For Macromedia ColdFusion MX versions 6.0, 6.1, and 6.1 J2EE, avoid using the HTTP request that ends in ";.cfm" to prevent bypassing authentication.