← back
CVE-2001-0535

CVE-2001-0535

EPSS 2.0%
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.allaire.com/Handlers/index.cfm?ID=21700http://xforce.iss.net/alerts/advise92.php