ID CVE-2006-4725
Summary Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
  • cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19985
confirm http://www.adobe.com/support/security/bulletins/apsb06-13.html
sectrack 1016833
secunia 21866
vupen ADV-2006-3574
xf coldfusion-cfml-sandbox-bypass(28920)
Last major update 20-07-2017 - 01:33
Published 14-09-2006 - 00:07
Last modified 20-07-2017 - 01:33
Back to Top