Vulnerability Description
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Coldfusion | All versions |
| Macromedia | Coldfusion Professional | All versions |
References
- http://www.iss.net/security_center/static/9460.php (Patch)
- http://www.macromedia.com/v1/handlers/index.cfm?ID=23161 (Patch)
- http://www.securityfocus.com/bid/5121 (Patch)
FAQ
What is CVE-2002-1992?
CVE-2002-1992 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
How severe is CVE-2002-1992?
CVE-2002-1992 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1992?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Coldfusion, Macromedia Coldfusion Professional.