Vulnerability Description
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Coldfusion | 6.0 |
References
- http://secunia.com/advisories/12693Vendor Advisory
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.htmlVendor Advisory
- http://www.osvdb.org/10718
- http://www.securityfocus.com/archive/1/377213
- http://www.securityfocus.com/bid/11364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17567
- http://secunia.com/advisories/12693Vendor Advisory
- http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.htmlVendor Advisory
- http://www.osvdb.org/10718
- http://www.securityfocus.com/archive/1/377213
- http://www.securityfocus.com/bid/11364
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17567
FAQ
What is CVE-2004-2204?
CVE-2004-2204 is a vulnerability with a CVSS score of 7.2 (HIGH). Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administr...
How severe is CVE-2004-2204?
CVE-2004-2204 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2204?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Coldfusion.