Vulnerability Name:

CVE-2005-1022 (CCN-20012)

Assigned:2005-04-07
Published:2005-04-07
Updated:2016-10-18
Summary:ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-1022

Source: BUGTRAQ
Type: UNKNOWN
20050407 Macromedia Security Bulletin - ColdFusion MX 6.1

Source: CCN
Type: Macromedia Web site
Macromedia

Source: CCN
Type: Macromedia Security Bulletin MPSB05-02
MPSB05-02 - Workaround available for ColdFusion MX 6.1 Updater file disclosure

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html

Source: CCN
Type: OSVDB ID: 15353
ColdFusion MX .class File Disclosure

Source: CCN
Type: BID-13060
Macromedia ColdFusion MX Updater Remote File Disclosure Vulnerability

Source: XF
Type: UNKNOWN
coldfusion-updater-information-disclosure(20012)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia coldfusion 6.1
    macromedia coldfusion 6.1
    microsoft windows nt 4.0 sp6a
    sun solaris 8
    sun solaris 9
    microsoft windows 2000 - sp3
    sun solaris 7.0