What is the severity of CVE-2001-1514?

CVE-2001-1514 has been classified with a medium severity due to its potential for unauthorized code execution.

How do I fix CVE-2001-1514?

To fix CVE-2001-1514, ensure that ColdFusion 4.5 and 5 are updated to the latest security patches released by Macromedia.

What software versions are affected by CVE-2001-1514?

CVE-2001-1514 affects ColdFusion versions 4.5 and 5.0 when running on Windows with an advanced security sandbox type set to 'operating system'.

Can CVE-2001-1514 lead to remote exploitation?

Yes, CVE-2001-1514 can potentially allow an attacker to execute arbitrary commands through child processes.

What are the main vectors of exploitation for CVE-2001-1514?

Exploitation of CVE-2001-1514 primarily occurs through the use of <CFEXECUTE> and <CFOBJECT> to create child processes without appropriate security context.

Vulnerability/
CVE-2001-1514

critical

CWE

NVD-CWE-Other

31/12/2001

14/7/2005

16/9/2024

CVE-2001-1514

First published: Mon Dec 31 2001(Updated: )

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=4.5
Adobe ColdFusion	=5.0

Never miss a vulnerability like this again

Reference Links

http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263

Frequently Asked Questions

What is the severity of CVE-2001-1514?
CVE-2001-1514 has been classified with a medium severity due to its potential for unauthorized code execution.
How do I fix CVE-2001-1514?
To fix CVE-2001-1514, ensure that ColdFusion 4.5 and 5 are updated to the latest security patches released by Macromedia.
What software versions are affected by CVE-2001-1514?
CVE-2001-1514 affects ColdFusion versions 4.5 and 5.0 when running on Windows with an advanced security sandbox type set to 'operating system'.
Can CVE-2001-1514 lead to remote exploitation?
Yes, CVE-2001-1514 can potentially allow an attacker to execute arbitrary commands through child processes.
What are the main vectors of exploitation for CVE-2001-1514?
Exploitation of CVE-2001-1514 primarily occurs through the use of <CFEXECUTE> and <CFOBJECT> to create child processes without appropriate security context.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/references
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/macromedia
canonical/adobe coldfusion
version/adobe coldfusion/4.5
version/adobe coldfusion/5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.