CVE-2001-0535

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Published: Oct 30, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-0535
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
macromedia / coldfusion_server	4.x	4.x.x

http://www.allaire.com/Handlers/index.cfm?ID=21700
http://xforce.iss.net/alerts/advise92.php

Vulnerability Database

289,697

CVE-2001-0535