ColdFusion < 7.01 MX Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 3330

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a number of flaws. Some of the attacks are remote in nature; however, most require local user access. Successful exploitation allows remote users to bypass security mechanisms or local users to escalate their privileges (potentially to Administrator rights).

Solution

Upgrade to ColdFusion 7.01 MX or higher.

See Also

http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

Plugin Details

Severity: High

ID: 3330

Family: Web Servers

Published: 12/19/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:macromedia:coldfusion

Reference Information

CVE: CVE-2005-4342, CVE-2005-4343, CVE-2005-4344, CVE-2005-4345

BID: 15904