CVE Details for CVE: CVE-2004-0928
Summary
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
Timestamps
Last major update 11-07-2017 - 01:30
Published 05-10-2004 - 04:00
Last modified 11-07-2017 - 01:30
Vulnerable Configurations
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
  • cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
  • cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
CVSS
Base 5.0
Impact 2.9
Exploitability 10.0
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 11245
bugtraq 20040923 New Macromedia Security Zone Bulletins Posted
cert-vn VU#977440
confirm
idefense 20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure
secunia
  • 12638
  • 12647
xf coldfusion-jrun-restriction-bypass(17484)
saint via4
bid 11245
description JRun mod_jrun WriteToLog buffer overflow
osvdb 10546
title jrun_writetolog_bo
type remote