ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
References
Link | Resource |
---|---|
http://secunia.com/advisories/10743/ | URL Repurposed |
http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/9521 | Broken Link Patch Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-08-16T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-08-16T00:00:00
Link: CVE-2004-2331
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-12-31T05:00:00.000
Modified: 2024-01-25T02:16:43.560
Link: CVE-2004-2331
JSON object: View
Redhat Information
No data.
CWE