Vulnerability Name:

CVE-2005-4342 (CCN-23656)

Assigned:2005-12-15
Published:2005-12-15
Updated:2011-03-08
Summary:ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2005-4342

Source: CCN
Type: SA18078
Macromedia ColdFusion Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18078

Source: CCN
Type: SECTRACK ID: 1015369
ColdFusion MX Bugs Let Remote Users Bypass Sandbox Restrictions and Attach and E-mail Arbitrary Files

Source: SECTRACK
Type: Patch, Vendor Advisory
1015369

Source: CCN
Type: Macromedia Security Bulletin MPSB05-12
Sandbox Security and CFMAIL Vulnerability in ColdFusion MX 6.X

Source: CONFIRM
Type: Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

Source: CCN
Type: Macromedia Security Bulletin MPSB05-14
Cumulative Security Updater for ColdFusion MX 7

Source: CONFIRM
Type: Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

Source: CCN
Type: OSVDB ID: 22865
ColdFusion JRun Clustered Sandbox Security Bypass

Source: BID
Type: Patch
15904

Source: CCN
Type: BID-15904
Macromedia Cold Fusion MX Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-2948

Source: XF
Type: UNKNOWN
coldfusion-sandbox-bypass-security(23656)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::datacenter_server:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::professional:*:*:*:*:*
  • OR cpe:/a:ibm:aix_5l:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~enterprise~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~standard~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia coldfusion 6.1
    macromedia coldfusion 6.1
    macromedia coldfusion 7.0
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia coldfusion 7.0
    sun solaris 8
    microsoft windows 2000 advanced server *
    ibm aix 5.1
    microsoft windows 2000
    sun solaris 9
    microsoft windows 2000
    ibm aix 5l -
    suse linux enterprise server 8
    microsoft windows 2003 server -
    microsoft windows 2003 server -
    microsoft windows 2003 server web
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 2.1
    ibm aix 5.3
    sun solaris 10
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x 10.4.2
    apple mac os x 10.4.3