CVE-2004-0928
First published: Tue Oct 05 2004(Updated: )
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Cosminexus Enterprise | =01_01_1 | |
| Hitachi Cosminexus Enterprise | =01_02_2 | |
| Hitachi Cosminexus Enterprise | =01_01_1 | |
| Adobe JRun | =3.1 | |
| Adobe JRun | =3.0 | |
| Adobe ColdFusion | =6.1 | |
| Adobe ColdFusion | =6.0 | |
| Hitachi Cosminexus Server | =web_01-01_2 | |
| Hitachi Cosminexus Server | =web_01-01_1 | |
| Adobe JRun | =4.0 | |
| Hitachi Cosminexus Enterprise | =01_02_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
- http://www.kb.cert.org/vuls/id/977440
- http://www.securityfocus.com/bid/11245
- http://secunia.com/advisories/12638/
- http://secunia.com/advisories/12647/
- http://marc.info/?l=bugtraq&m=109621995623823&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
Frequently Asked Questions
What is the severity of CVE-2004-0928?
CVE-2004-0928 is considered a high-severity vulnerability due to potential unauthorized access to sensitive files.
How do I fix CVE-2004-0928?
To fix CVE-2004-0928, ensure that recent patches are applied to affected software versions and review authentication settings.
What software is affected by CVE-2004-0928?
CVE-2004-0928 affects Macromedia JRun 3.0, 3.1, and 4.0, as well as Macromedia ColdFusion 6.0, 6.1, and specific versions of Hitachi Cosminexus.
Can CVE-2004-0928 lead to data exposure?
Yes, CVE-2004-0928 can allow remote attackers to access and view source files, leading to potential data exposure.
Is CVE-2004-0928 a remote code execution vulnerability?
CVE-2004-0928 is not directly a remote code execution vulnerability but allows bypassing authentication, which can lead to further exploitation.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/hitachi
- canonical/hitachi cosminexus enterprise
- version/hitachi cosminexus enterprise/01_01_1
- version/hitachi cosminexus enterprise/01_02_2
- vendor/macromedia
- canonical/adobe jrun
- version/adobe jrun/3.1
- version/adobe jrun/3.0
- canonical/adobe coldfusion
- version/adobe coldfusion/6.1
- version/adobe coldfusion/6.0
- canonical/hitachi cosminexus server
- version/hitachi cosminexus server/web_01-01_2
- version/hitachi cosminexus server/web_01-01_1
- version/adobe jrun/4.0