Coldfusion
Approved changes feed: RSS · Atom
cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
part: a version: 6.1 update: *
| Vendor | Macromedia (f00ebe2b-9d72-52ca-9cf0-be998a2cdfa0) |
|---|---|
| Product | Coldfusion (26100411-1341-5719-a01b-6960c4e93ee8) |
| Edition | j2ee_application_server |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2005-4343 |
vulnerable | 2026-06-03 14:27:12.894870 |
Details available
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Published: 2005-12-17T23:00:00.000Z
Updated: 2024-08-07T23:38:51.857Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-4342 |
vulnerable | 2026-06-03 14:27:12.893834 |
Details available
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
Published: 2005-12-17T23:00:00.000Z
Updated: 2024-08-07T23:38:51.745Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2331 |
vulnerable | 2026-06-03 14:26:47.126982 |
Details available
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Published: 2005-08-16T04:00:00.000Z
Updated: 2024-08-08T01:22:13.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2330 |
vulnerable | 2026-06-03 14:26:47.126554 |
Details available
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
Published: 2005-08-16T04:00:00.000Z
Updated: 2024-08-08T01:22:13.679Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-1478 |
vulnerable | 2026-06-03 14:26:39.818193 |
Details available
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Published: 2005-02-13T05:00:00.000Z
Updated: 2024-08-08T00:53:23.998Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.