ColdFusion < 7.01 MX Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3330


The remote host is vulnerable to multiple attack vectors.


The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a number of flaws. Some of the attacks are remote in nature; however, most of the attacks require local user access. Successful exploitation results in remote users bypassing security mechanisms or local users escalating their privileges (potentially to Administrator rights)


Upgrade to ColdFusion 7.01 MX or higher.

See Also

Plugin Details

Severity: High

ID: 3330

File Name: 3330.prm

Family: Web Servers

Published: 2005/12/19

Modified: 2016/01/21

Dependencies: 2804, 2805

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C


Base Score: 7.3

Temporal Score: 6.7


Temporal Vector: CVSS3#E:U/RL:U/RC:C

Reference Information

CVE: CVE-2005-4342, CVE-2005-4343, CVE-2005-4344, CVE-2005-4345

BID: 15904

OSVDB: 21897, 21898, 21899, 22865