CVE-2005-4345 - Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an A

CVE-2005-4345

Summary

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

References

http://secunia.com/advisories/18078
http://securitytracker.com/id?1015371
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
http://www.securityfocus.com/bid/15904
http://www.vupen.com/english/advisories/2005/2948

Vulnerable Configurations

cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 08-03-2011 - 02:28)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	15904
confirm	http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
sectrack	1015371
secunia	18078
vupen	ADV-2005-2948

Last major update

08-03-2011 - 02:28

Published

19-12-2005 - 03:47

Last modified

08-03-2011 - 02:28