Remote File Execution Vulnerability in Example Applications of ColdFusion Server 4.x

Remote File Execution Vulnerability in Example Applications of ColdFusion Server 4.x

CVE-2001-0535 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.

Learn more about our Web App Pen Testing.