National Cyber-Alert System
Vulnerability Summary: CVE-2001-0535
Orirignal release date: 2001-10-30
Source: US-CERT/NIST

Overview

    Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Impact

    CVSS Severity: 9 (High)
    Range: remote
    Authentication: access,design
    Impact Type: conf,int,sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    ColdFusion Server (Macromedia)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0535