GCVE - cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:allaire:coldfusion_server:4.5:*:*:*:*:*:*:*

part: a version: 4.5 update: *

Vendor	Allaire (`a0b1f4af-8c85-5fcf-a11d-6d758962e057`)
Product	Coldfusion Server (`83a4c3b5-e0b2-574f-8df6-95ba3accbac3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2002-0576`	vulnerable	2026-06-08 04:46:21.749605	Details available ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T02:56:38.178Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/4542 http://online.securityfocus.com/archive/1/268263 http://www.iss.net/security_center/static/8866.php http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html http://www.osvdb.org/3337	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1120`	vulnerable	2026-06-08 04:45:21.483225	Details available Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. Published: 2002-03-15T05:00:00.000Z Updated: 2024-08-08T04:44:07.482Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/3018 https://exchange.xforce.ibmcloud.com/vulnerabilities/6839 http://www.securityfocus.com/archive/1/196452 http://www.allaire.com/handlers/index.cfm?id=21566 http://www.kb.cert.org/vuls/id/135531	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0538`	vulnerable	2026-06-08 04:45:18.282405	Details available ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:21:31.209Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=96045469627806&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/4611 http://www.osvdb.org/3399 http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full http://www.securityfocus.com/bid/1314	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0189`	vulnerable	2026-06-08 04:44:58.415023	Details available ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. Published: 2000-04-10T04:00:00.000Z Updated: 2024-08-08T05:05:54.106Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/1021	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.