CVE-1999-0477

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

Published: Dec 25, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-0477
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
allaire / coldfusion_server	4.0	4.0.x
allaire / coldfusion_server	3.12	3.12.x
allaire / coldfusion_server	2.0	2.0.x
allaire / coldfusion_server	3.01	3.01.x
allaire / coldfusion_server	3.0	3.0.x
allaire / coldfusion_server	3.11	3.11.x

http://www.securityfocus.com/bid/115

Vulnerability Database

289,784

CVE-1999-0477