The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109621995623823&w=2 | |
http://secunia.com/advisories/12638/ | Patch Vendor Advisory |
http://secunia.com/advisories/12647/ | Patch Vendor Advisory |
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/977440 | Patch Third Party Advisory US Government Resource |
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html | Patch Vendor Advisory |
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11245 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-21T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2004-10-04T00:00:00
Link: CVE-2004-0928
JSON object: View
NVD Information
Status : Modified
Published: 2004-10-05T04:00:00.000
Modified: 2017-07-11T01:30:35.137
Link: CVE-2004-0928
JSON object: View
Redhat Information
No data.
CWE