CVE-1999-0477

Description

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

Affected Software
References

Software	From	Fixed in
allaire / coldfusion_server	4.0	4.0.x
allaire / coldfusion_server	3.12	3.12.x
allaire / coldfusion_server	2.0	2.0.x
allaire / coldfusion_server	3.01	3.01.x
allaire / coldfusion_server	3.0	3.0.x
allaire / coldfusion_server	3.11	3.11.x

http://www.securityfocus.com/bid/115

Severity: High

CVE: CVE-1999-0477
Published: Dec 25, 1999
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-1999-0477

Description

Details

CVSS v2