CVE-1999-0455 - The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete

CVE-1999-0455

Summary

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

References

http://www.securityfocus.com/bid/115

Vulnerable Configurations

cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-09-2008 - 12:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

allaire	ASB-001
bid	115
xf	coldfusion-expression-evaluator

Last major update

09-09-2008 - 12:34

Published

25-12-1999 - 05:00

Last modified

09-09-2008 - 12:34