Vulnerability Name:

CVE-2007-1874 (CCN-33571)

Assigned:2007-04-10
Published:2007-04-10
Updated:2017-07-29
Summary:Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-1874

Source: IDEFENSE
Type: Vendor Advisory
20070410 Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability

Source: OSVDB
Type: UNKNOWN
34930

Source: CCN
Type: SA24850
Adobe ColdFusion MX Insecure Directory and File Permissions

Source: SECUNIA
Type: Vendor Advisory
24850

Source: CCN
Type: SECTRACK ID: 1017899
Macromedia ColdFusion Unsafe Directory Permissions Lets Local Users Gain Root Privileges

Source: CCN
Type: Adobe Product Security Bulletin APSB07-08
Workaround available for Linux and Solaris ColdFusion MX 7 file permissions vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb07-08.html

Source: CCN
Type: OSVDB ID: 34930
Adobe ColdFusion MX on Unix Permission Weakness Local Privilege Escalation

Source: BID
Type: UNKNOWN
23405

Source: CCN
Type: BID-23405
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017899

Source: VUPEN
Type: UNKNOWN
ADV-2007-1341

Source: XF
Type: UNKNOWN
coldfusion-verity-privilege-escalation(33571)

Source: XF
Type: UNKNOWN
coldfusion-verity-privilege-escalation(33571)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 04.10.07
Adobe Macromedia ColdFusion MX7 Insecure File Permissions Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
  • OR cpe:/a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:coldfusion:7.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe coldfusion 7.0
    adobe coldfusion 7.0
    adobe coldfusion 7.0