CVE-2004-2331

Published: Dec 31, 2004Modified: Apr 16, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

Affected (2)

Products: Macromedia: Coldfusion

Macromedia

1 product

Coldfusion

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Macromedia Coldfusion	Version 6.1
Macromedia Coldfusion	Version 6.1

Related CWEs

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

References (8)

http://secunia.com/advisories/10743/

Source: cve@mitre.org

URL Repurposed

http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/9521

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/14984

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://secunia.com/advisories/10743/

Source: af854a3a-2127-422b-91ae-364da2661108

URL Repurposed

http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/9521

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/14984

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.