| Vulnerability Name: | CCN-12570 |
| Published: | 2003-07-07 |
| Updated: | 2003-07-07 |
| Summary: | Macromedia ColdFusion MX could allow a remote attacker to obtain sensitive information. The Remote Development Service (RDS) is a security component of the ColdFusion Server that allows file and database access via a remote HTTP connection. By default, the RDS Java servlet runs with LocalSystem privileges in the context of the ColdFusion application service account. A remote authenticated attacker can modify their Web site properties to gain access to files on the vulnerable server. |
| CVSS v3 Severity: | |
| CVSS v2 Severity: | |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN Type: AngryPacket Security Advisory 0006_AP.CF-rds-dump Remote RDS problem and sample runtime exploit code Source: CCN Type: BID-8109 Macromedia ColdFusion MX Remote Development Service File Disclosure Vulnerability Source: XF Type: UNKNOWN coldfusion-rds-file-access(12570) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |
| BACK | |