Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-0928

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

Published

2004-10-05T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	cosminexus_enterprise	01_01_1	Yes
Application	hitachi	cosminexus_enterprise	01_01_1	Yes
Application	hitachi	cosminexus_enterprise	01_02_2	Yes
Application	hitachi	cosminexus_enterprise	01_02_2	Yes
Application	hitachi	cosminexus_server	web_01-01_1	Yes
Application	hitachi	cosminexus_server	web_01-01_2	Yes
Application	macromedia	coldfusion	6.0	Yes
Application	macromedia	coldfusion	6.1	Yes
Application	macromedia	jrun	3.0	Yes
Application	macromedia	jrun	3.1	Yes
Application	macromedia	jrun	4.0	Yes

References

http://marc.info/?l=bugtraq&m=109621995623823&w=2 ([email protected])
http://secunia.com/advisories/12638/ Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/12647/ Patch, Vendor Advisory ([email protected])
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities Patch, Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/977440 Patch, Third Party Advisory, US Government Resource ([email protected])
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html Patch, Vendor Advisory ([email protected])
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/11245 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484 ([email protected])
http://marc.info/?l=bugtraq&m=109621995623823&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/12638/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/12647/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/977440 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/11245 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484 (af854a3a-2127-422b-91ae-364da2661108)