GCVE - cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:*

part: a version: 5.0 update: *

Vendor	Macromedia (`f00ebe2b-9d72-52ca-9cf0-be998a2cdfa0`)
Product	Coldfusion (`26100411-1341-5719-a01b-6960c4e93ee8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-2364`	vulnerable	2026-06-03 14:27:31.821886	Details available Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. Published: 2006-05-15T16:00:00.000Z Updated: 2024-08-07T17:51:03.663Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/433819 http://www.securityfocus.com/bid/17938 https://exchange.xforce.ibmcloud.com/vulnerabilities/26508 http://securityreason.com/securityalert/894	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2505`	vulnerable	2026-06-03 14:26:47.775042	Details available Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. Published: 2005-10-25T04:00:00.000Z Updated: 2024-08-08T01:29:13.617Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 http://www.securityfocus.com/bid/10163	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1514`	vulnerable	2026-06-03 14:26:12.835940	Details available ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. Published: 2005-07-14T04:00:00.000Z Updated: 2024-09-16T22:51:24.124Z Open on db.gcve.eu Reference links http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.