CVE-2001-0535
First published: Fri Oct 12 2001(Updated: )
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Coldfusion Server | =4.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- vendor/macromedia
- product/coldfusion server
- canonical/macromedia coldfusion server
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/macromedia coldfusion server/4.x