CVE-2001-0535

Published: Oct 30, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Affected (1)

Products: Macromedia: Coldfusion Server

1 product

Coldfusion Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Macromedia Coldfusion Server	Version 4.x

References (4)

http://www.allaire.com/Handlers/index.cfm?ID=21700

Source: cve@mitre.org

Vendor Advisory

http://xforce.iss.net/alerts/advise92.php

Source: cve@mitre.org

Vendor Advisory

http://www.allaire.com/Handlers/index.cfm?ID=21700

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://xforce.iss.net/alerts/advise92.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.