Vulnerability Name:

CVE-2005-4343 (CCN-23657)

Assigned:2005-12-15
Published:2005-12-15
Updated:2011-03-08
Summary:Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2005-4343

Source: CCN
Type: SA18078
Macromedia ColdFusion Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18078

Source: CCN
Type: SECTRACK ID: 1015369
ColdFusion MX Bugs Let Remote Users Bypass Sandbox Restrictions and Attach and E-mail Arbitrary Files

Source: SECTRACK
Type: Patch, Vendor Advisory
1015369

Source: CCN
Type: ASA-2007-018
HP-UX Apache Remote Execution of Arbitrary Code Denial of Service (DoS) and Unauthorized Access (HPSBUX02186)

Source: CCN
Type: Macromedia Security Bulletin MPSB05-12
Sandbox Security and CFMAIL Vulnerability in ColdFusion MX 6.X

Source: CONFIRM
Type: Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html

Source: CCN
Type: Macromedia Security Bulletin MPSB05-14
Cumulative Security Updater for ColdFusion MX 7

Source: CONFIRM
Type: Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

Source: CCN
Type: OSVDB ID: 21898
ColdFusion CFMAIL Tag Subject Field Arbitrary File Access

Source: BID
Type: Patch
15904

Source: CCN
Type: BID-15904
Macromedia Cold Fusion MX Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-2948

Source: XF
Type: UNKNOWN
coldfusion-cfmail-email(23657)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::datacenter_server:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:::professional:*:*:*:*:*
  • OR cpe:/a:ibm:aix_5l:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~enterprise~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~standard~~~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia coldfusion 6.1
    macromedia coldfusion 6.1
    macromedia coldfusion 7.0
    macromedia coldfusion 6.0
    macromedia coldfusion 6.1
    macromedia coldfusion 7.0
    sun solaris 8
    microsoft windows 2000 advanced server *
    ibm aix 5.1
    microsoft windows 2000
    sun solaris 9
    microsoft windows 2000
    ibm aix 5l -
    suse linux enterprise server 8
    microsoft windows 2003 server -
    microsoft windows 2003 server -
    microsoft windows 2003 server web
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 2.1
    ibm aix 5.3
    sun solaris 10
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x 10.4.2
    apple mac os x 10.4.3