Vulnerability Name:

CVE-2002-1309 (CCN-9460)

Assigned:2002-06-27
Published:2002-06-27
Updated:2016-10-18
Summary:Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: BUGTRAQ
Type: Exploit, Patch, Vendor Advisory
20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: VULNWATCH
Type: UNKNOWN
20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: MITRE
Type: CNA
CVE-2002-1309

Source: MITRE
Type: CNA
CVE-2002-1992

Source: BUGTRAQ
Type: UNKNOWN
20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Source: CCN
Type: eEye Digital Security Advisory AD20021112
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow

Source: EEYE
Type: UNKNOWN
AD20021112

Source: CCN
Type: Macromedia Product Security Bulletin MPSB02-05
Patch Available for Buffer Overflow attack on ColdFusion MX with Microsoft IIS

Source: CCN
Type: OSVDB ID: 60008
Macromedia ColdFusion MX on IIS jrun.dll Template File Name Handling Remote Overflow DoS

Source: CCN
Type: OSVDB ID: 60009
Macromedia ColdFusion MX on IIS jrun.dll HTTP Header Handling Remote Overflow DoS

Source: CCN
Type: OSVDB ID: 6639
Macromedia JRun IIS ISAPI error-handling .cfm File Overflow

Source: CCN
Type: BID-5121
Macromedia ColdFusion MX IIS ISAPI Filter Buffer Overrun Vulnerability

Source: XF
Type: UNKNOWN
coldfusion-mx-jrundll-bo(9460)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia coldfusion 6.0
    macromedia coldfusion 6.0
    microsoft windows 2003_server
    microsoft internet information server 4.0
    microsoft internet information server 5.0