CVE-2007-1874
First published: Wed Apr 11 2007(Updated: )
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =7.0 | |
| Adobe ColdFusion | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.adobe.com/support/security/bulletins/apsb07-08.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510
- http://secunia.com/advisories/24850
- http://www.securityfocus.com/bid/23405
- http://www.securitytracker.com/id?1017899
- http://osvdb.org/34930
- http://www.vupen.com/english/advisories/2007/1341
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33571
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/7.0