CVE-2004-2505

Macromedia ColdFusion MX <6.1 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2505. PoCs published by K. K. Mookhey.

AI-analyzed exploit summary This exploit triggers a denial of service in Macromedia ColdFusion MX by generating an oversized error message through a malformed date string. The vulnerability is exploited by creating a long string and attempting to format it as a date, causing the server to crash or become unresponsive.

Description

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

Exploits (1)

exploitdb WORKING POC VERIFIED
by K. K. Mookhey · textdosmultiple
https://www.exploit-db.com/exploits/24013

This exploit triggers a denial of service in Macromedia ColdFusion MX by generating an oversized error message through a malformed date string. The vulnerability is exploited by creating a long string and attempting to format it as a date, causing the server to crash or become unresponsive.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Macromedia ColdFusion MX
No auth needed
Prerequisites: Access to a ColdFusion MX server with error logging enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15895
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10163

Scores

EPSS 0.0320
EPSS Percentile 86.6%

Details

Status published
Products (2)
macromedia/coldfusion 5.0
macromedia/coldfusion 6.0
Published Dec 31, 2004
Tracked Since Feb 18, 2026