CVE-2005-4342

critical

Description

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

References

http://www.vupen.com/english/advisories/2005/2948

http://www.securityfocus.com/bid/15904

http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

http://securitytracker.com/id?1015369

http://secunia.com/advisories/18078

Details

Source: Mitre, NVD

Published: 2005-12-19

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical