ColdFusion < 7.01 MX Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3330

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a number of flaws. Some of the attacks are remote in nature; however, most of the attacks require local user access. Successful exploitation results in remote users bypassing security mechanisms or local users escalating their privileges (potentially to Administrator rights).

Solution

Upgrade to ColdFusion 7.01 MX or higher.

See Also

http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

Plugin Details

Severity: High

ID: 3330

File Name: 3330.prm

Family: Web Servers

Published: 2005/12/19

Modified: 2016/01/21

Dependencies: 2804, 2805

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:U/RC:C

Reference Information

CVE: CVE-2005-4342, CVE-2005-4343, CVE-2005-4344, CVE-2005-4345

BID: 15904

OSVDB: 21897, 21898, 21899, 22865