CVE-2007-1874
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
| Software | From | Fixed in |
|---|---|---|
| adobe / coldfusion | 7.0 | 7.0.x |
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510
- http://osvdb.org/34930
- http://secunia.com/advisories/24850
- http://www.adobe.com/support/security/bulletins/apsb07-08.html
- http://www.securityfocus.com/bid/23405
- http://www.securitytracker.com/id?1017899
- http://www.vupen.com/english/advisories/2007/1341
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33571
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime