Vulnerability Name:

CVE-2004-1815 (CCN-15473)

Assigned: 2004-03-15
Published: 2004-03-15
Updated: 2017-07-11
Summary: Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: BugTraq Mailing List, Mon Mar 15 2004 - 09:14:10 CST
Multiple Vendor SOAP server array DoS

Source: MITRE
Type: CNA
CVE-2004-1815

Source: MITRE
Type: CNA
CVE-2004-1816

Source: BUGTRAQ
Type: UNKNOWN
20040315 Multiple Vendor SOAP server array DoS

Source: CCN
Type: SA11130
Sun Java System Application Server SOAP Request Denial of Service

Source: CCN
Type: SA11132
Macromedia ColdFusion MX / JRun SOAP Request Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
11132

Source: CCN
Type: Sun Alert ID: 57517
Sun Java System Application Server Denial-of-Service Vulnerability

Source: CCN
Type: Macromedia Security Bulletin MPSB04-04
Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html

Source: CCN
Type: OSVDB ID: 4282
Sun Java System Application Server SOAP Request DoS

Source: CCN
Type: OSVDB ID: 4285
ColdFusion MX / JRun SOAP Request DoS

Source: BID
Type: Patch, Vendor Advisory
9877

Source: CCN
Type: BID-9877
Multiple Vendor SOAP Server Undisclosed Request Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
soap-array-dos(15473)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0:sp1a:*:*:*:*:*:*
  • OR cpe:/a:macromedia:jrun:4.0_build_61650:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:*:standard:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:ur1:platform:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:ur1:standard:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:ur2:platform:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:ur2:standard:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:macromedia:jrun:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia jrun 4.0
    macromedia jrun 4.0 sp1
    macromedia jrun 4.0 sp1a
    macromedia jrun 4.0_build_61650
    sun one application server 7.0
    sun one application server 7.0
    sun one application server 7.0 ur1
    sun one application server 7.0 ur1
    sun one application server 7.0 ur2
    sun one application server 7.0 ur2
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia jrun 4.0
    sun java system application server 7.0