The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109621995623823&w=2 | |
http://secunia.com/advisories/12638/ | Patch Vendor Advisory |
http://secunia.com/advisories/12647/ | Patch Vendor Advisory |
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/977440 | Patch Third Party Advisory US Government Resource |
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html | Patch Vendor Advisory |
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11245 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-10-05 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-0928
Mitre link : CVE-2004-0928
CVE.ORG link : CVE-2004-0928
JSON object : View
Products Affected
hitachi
- cosminexus_server
- cosminexus_enterprise
macromedia
- coldfusion
- jrun
CWE