Vulnerability Description
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Allaire | Coldfusion | All versions |
References
- http://packetstorm.securify.com/mag/phrack/phrack54/P54-08
- http://packetstorm.securify.com/mag/phrack/phrack54/P54-08
FAQ
What is CVE-1999-1124?
CVE-1999-1124 is a vulnerability with a CVSS score of 7.5 (HIGH). HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which request...
How severe is CVE-1999-1124?
CVE-1999-1124 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1124?
Check the references section above for vendor advisories and patch information. Affected products include: Allaire Coldfusion.