Vulnerability Description
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Coldfusion | 6.0 |
References
- http://secunia.com/advisories/18078PatchVendor Advisory
- http://securitytracker.com/id?1015369PatchVendor Advisory
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.htmlPatch
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.htmlPatch
- http://www.securityfocus.com/bid/15904Patch
- http://www.vupen.com/english/advisories/2005/2948
- http://secunia.com/advisories/18078PatchVendor Advisory
- http://securitytracker.com/id?1015369PatchVendor Advisory
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.htmlPatch
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.htmlPatch
- http://www.securityfocus.com/bid/15904Patch
- http://www.vupen.com/english/advisories/2005/2948
FAQ
What is CVE-2005-4343?
CVE-2005-4343 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by...
How severe is CVE-2005-4343?
CVE-2005-4343 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4343?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Coldfusion.