Vulnerability CVE-1999-0923

Vulnerability Name:

CVE-1999-0923 (CCN-1741)

Assigned:

1999-02-04

Published:

1999-02-04

Updated:

2008-09-05

Summary:

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-1999-0923

Source: ALLAIRE
Type: Patch, Vendor Advisory
ASB99-02

Source: CCN
Type: Macromedia Web site
ColdFusion 4.0.1 Update

Source: CCN
Type: Macromedia/Allaire Security Bulletin ASB99-02
ColdFusion 4.0 Example Applications and Sample Code Exposes Servers

Source: XF
Type: UNKNOWN
coldfusion-source-display(1741)

Vulnerable Configuration:

Configuration 1:

cpe:/a:allaire:coldfusion_server:4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:macromedia:coldfusion:*:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-1999-0923 (CCN-1743)

Assigned:

1999-02-04

Published:

1999-02-04

Updated:

1999-02-04

Summary:

The fileexists.cfm sample program packaged with ColdFusion Server, could allow an attacker to obtain sensitive information. A remote attacker could use the fileexists.cfm program, to remotely confirm the existence of arbitrary files on the server. This information could be useful to an attacker in performing additional attacks.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-1999-0923

Source: CCN
Type: Macromedia Web site
ColdFusion 4.0.1 Update

Source: CCN
Type: Macromedia/Allaire Security Bulletin ASB99-02
ColdFusion 4.0 Example Applications and Sample Code Exposes Servers

Source: XF
Type: UNKNOWN
coldfusion-file-existence(1743)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:macromedia:coldfusion:*:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-1999-0923 (CCN-1744)

Assigned:

1999-02-04

Published:

1999-02-04

Updated:

2008-09-05

Summary:

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-1999-0922

Source: MITRE
Type: CNA
CVE-1999-0923

Source: CCN
Type: Macromedia Web site
ColdFusion 4.0.1 Update

Source: CCN
Type: Macromedia/Allaire Security Bulletin ASB99-02
ColdFusion 4.0 Example Applications and Sample Code Exposes Servers

Source: CCN
Type: OSVDB ID: 3239
ColdFusion sourcewindow.cfm View Arbitrary File

Source: XF
Type: UNKNOWN
coldfusion-sourcewindow(1744)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:macromedia:coldfusion:*:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK