CVE-1999-0477

HIGH

Description

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

References

http://www.securityfocus.com/bid/115

Details

Source: MITRE

Published: 1999-12-25

Updated: 2008-09-05

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH