CVE-2004-2505

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2505
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
macromedia / coldfusion	6.0	6.0.x
macromedia / coldfusion	5.0	5.0.x

http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html
http://www.securityfocus.com/bid/10163
https://exchange.xforce.ibmcloud.com/vulnerabilities/15895

Vulnerability Database

289,784

CVE-2004-2505