PT-2006-5503 · Adobe · Coldfusion Mx

Published

2006-09-14

Updated

2017-07-20

CVE-2006-4725

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion MX versions 7 and 7.01

Description The issue allows local users to bypass security restrictions. It enables them to call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

Recommendations For Adobe ColdFusion MX versions 7 and 7.01, consider restricting access to CFML templates located outside of the sandbox to prevent bypassing of security restrictions. As a temporary workaround, limit the ability to call components within a sandbox from external CFML templates until a more permanent solution is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4725

Affected Products

Coldfusion Mx

PT-2006-5503 · Adobe · Coldfusion Mx

CVE-2006-4725

Related Identifiers

Affected Products

References · 8