National Cyber-Alert System
Vulnerability Summary: CVE-1999-0455
Original release date: 1999-12-25
Source: US-CERT/NIST

Overview

    The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

Impact

    CVSS Severity: 9 (High)
    Range: remote
    Authentication: access,design
    Impact Type: conf,int,sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    ColdFusion Server (Allaire)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0455