Vulnerability Description
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Allaire | Coldfusion Server | 4.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
- http://online.securityfocus.com/archive/1/268263
- http://www.iss.net/security_center/static/8866.phpPatchVendor Advisory
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22906PatchVendor Advisory
- http://www.osvdb.org/3337
- http://www.securityfocus.com/bid/4542PatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
- http://online.securityfocus.com/archive/1/268263
- http://www.iss.net/security_center/static/8866.phpPatchVendor Advisory
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22906PatchVendor Advisory
- http://www.osvdb.org/3337
- http://www.securityfocus.com/bid/4542PatchVendor Advisory
FAQ
What is CVE-2002-0576?
CVE-2002-0576 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, whic...
How severe is CVE-2002-0576?
CVE-2002-0576 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0576?
Check the references section above for vendor advisories and patch information. Affected products include: Allaire Coldfusion Server.