Vulnerability Description
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Cosminexus Enterprise | 01_01_1 |
| Hitachi | Cosminexus Server | web_01-01_1 |
| Macromedia | ColdFusion | 6.0 |
| Macromedia | JRun | 3.0 |
References
- http://marc.info/?l=bugtraq&m=109621995623823&w=2
- http://secunia.com/advisories/12638/ (Patch, Vendor Advisory)
- http://secunia.com/advisories/12647/ (Patch, Vendor Advisory)
- http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/977440 (Patch, Third Party Advisory, US Government Resource)
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html (Patch, Vendor Advisory)
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/11245 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
FAQ
What is CVE-2004-0928?
CVE-2004-0928 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, v...
How severe is CVE-2004-0928?
CVE-2004-0928 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0928?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Cosminexus Enterprise, Hitachi Cosminexus Server, Macromedia ColdFusion, Macromedia JRun.