Description
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
References (9)
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=109621995623823&w=2
Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/12647/
Patch, Third Party Advisory, US Government Resource (third-party-advisory, x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/977440
Patch, Vendor Advisory (third-party-advisory, x_refsource_idefense): http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/11245
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
Patch, Vendor Advisory (x_refsource_confirm): http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/12638/
Patch, Vendor Advisory (x_refsource_confirm): http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
Scores
EPSS: 0.2088
EPSS Percentile: 95.7%
Details
Status: published
Products (9)
hitachi/cosminexus_enterprise: 01_01_1 (2 CPE variants)
hitachi/cosminexus_enterprise: 01_02_2 (2 CPE variants)
hitachi/cosminexus_server: web_01-01_1
hitachi/cosminexus_server: web_01-01_2
macromedia/coldfusion: 6.0
macromedia/coldfusion: 6.1
macromedia/jrun: 3.0
macromedia/jrun: 3.1
macromedia/jrun: 4.0
Published: Oct 05, 2004
Tracked Since: Feb 18, 2026