CVE-2004-0928
First published: Tue Oct 05 2004(Updated: )
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Cosminexus Enterprise | =01_01_1 | |
| Hitachi Cosminexus Enterprise | =01_02_2 | |
| Hitachi Cosminexus Enterprise | =01_01_1 | |
| Macromedia JRun | =3.1 | |
| Macromedia JRun | =3.0 | |
| Macromedia ColdFusion | =6.1 | |
| Macromedia ColdFusion | =6.0 | |
| Hitachi Cosminexus Server | =web_01-01_2 | |
| Hitachi Cosminexus Server | =web_01-01_1 | |
| Macromedia JRun | =4.0 | |
| Hitachi Cosminexus Enterprise | =01_02_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
- http://www.kb.cert.org/vuls/id/977440
- http://www.securityfocus.com/bid/11245
- http://secunia.com/advisories/12638/
- http://secunia.com/advisories/12647/
- http://marc.info/?l=bugtraq&m=109621995623823&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hitachi
- canonical/hitachi cosminexus enterprise
- version/hitachi cosminexus enterprise/01_01_1
- version/hitachi cosminexus enterprise/01_02_2
- vendor/macromedia
- canonical/macromedia jrun
- version/macromedia jrun/3.1
- version/macromedia jrun/3.0
- canonical/macromedia coldfusion
- version/macromedia coldfusion/6.1
- version/macromedia coldfusion/6.0
- canonical/hitachi cosminexus server
- version/hitachi cosminexus server/web_01-01_2
- version/hitachi cosminexus server/web_01-01_1
- version/macromedia jrun/4.0