GCVE - cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

part: a version: 6.1 update: *

Vendor	Macromedia (`f00ebe2b-9d72-52ca-9cf0-be998a2cdfa0`)
Product	Coldfusion (`26100411-1341-5719-a01b-6960c4e93ee8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2005-4343`	vulnerable	2026-06-03 14:27:12.894831	Details available Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability". Published: 2005-12-17T23:00:00.000Z Updated: 2024-08-07T23:38:51.857Z Open on db.gcve.eu Reference links http://secunia.com/advisories/18078 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://securitytracker.com/id?1015369	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4342`	vulnerable	2026-06-03 14:27:12.892242	Details available ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." Published: 2005-12-17T23:00:00.000Z Updated: 2024-08-07T23:38:51.745Z Open on db.gcve.eu Reference links http://secunia.com/advisories/18078 http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html http://www.securityfocus.com/bid/15904 http://securitytracker.com/id?1015369	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-2306`	vulnerable	2026-06-03 14:27:01.610558	Details available Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. Published: 2005-07-19T04:00:00.000Z Updated: 2024-08-07T22:22:48.421Z Open on db.gcve.eu Reference links http://secunia.com/advisories/16081 http://securitytracker.com/id?1014489 http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-1022`	vulnerable	2026-06-03 14:26:57.209025	Details available ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. Published: 2005-04-09T04:00:00.000Z Updated: 2024-08-07T21:35:59.677Z Open on db.gcve.eu Reference links http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html http://marc.info/?l=bugtraq&m=111290407411801&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2331`	vulnerable	2026-06-03 14:26:47.126958	Details available ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. Published: 2005-08-16T04:00:00.000Z Updated: 2024-08-08T01:22:13.663Z Open on db.gcve.eu Reference links http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 http://www.securityfocus.com/bid/9521 http://secunia.com/advisories/10743/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2330`	vulnerable	2026-06-03 14:26:47.125589	Details available ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. Published: 2005-08-16T04:00:00.000Z Updated: 2024-08-08T01:22:13.679Z Open on db.gcve.eu Reference links http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html http://www.securityfocus.com/bid/9522 https://exchange.xforce.ibmcloud.com/vulnerabilities/14983 http://secunia.com/advisories/10743/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2204`	vulnerable	2026-06-03 14:26:46.691901	Details available Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. Published: 2005-07-10T04:00:00.000Z Updated: 2024-08-08T01:22:12.407Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/377213 https://exchange.xforce.ibmcloud.com/vulnerabilities/17567 http://secunia.com/advisories/12693 http://www.osvdb.org/10718 http://www.securityfocus.com/bid/11364	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-1816`	not_vulnerable	2026-06-03 14:26:45.449355	Details available Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). Published: 2005-05-10T04:00:00.000Z Updated: 2024-08-08T01:07:48.289Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=107936690702515&w=2 http://secunia.com/advisories/11130 https://exchange.xforce.ibmcloud.com/vulnerabilities/15473 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57517-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201713-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-1815`	vulnerable	2026-06-03 14:26:45.442595	Details available Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). Published: 2005-05-10T04:00:00.000Z Updated: 2024-08-08T01:07:48.280Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=107936690702515&w=2 http://secunia.com/advisories/11132 https://exchange.xforce.ibmcloud.com/vulnerabilities/15473 http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html http://www.securityfocus.com/bid/9877	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-1478`	vulnerable	2026-06-03 14:26:39.815278	Details available JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. Published: 2005-02-13T05:00:00.000Z Updated: 2024-08-08T00:53:23.998Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/17481 http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://www.securityfocus.com/bid/11245 http://www.kb.cert.org/vuls/id/584958 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-0928`	vulnerable	2026-06-03 14:26:37.544921	Details available The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". Published: 2005-04-21T04:00:00.000Z Updated: 2024-08-08T00:31:48.097Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12647/ http://www.kb.cert.org/vuls/id/977440 http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities http://www.securityfocus.com/bid/11245	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-0646`	vulnerable	2026-06-03 14:26:36.309214	Details available Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. Published: 2004-11-19T05:00:00.000Z Updated: 2024-08-08T00:24:27.006Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/377194 http://secunia.com/advisories/12647/ http://www.securityfocus.com/bid/11245 http://www.kb.cert.org/vuls/id/990200 https://exchange.xforce.ibmcloud.com/vulnerabilities/17485	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-0407`	vulnerable	2026-06-03 14:26:35.419616	Details available The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. Published: 2004-04-17T04:00:00.000Z Updated: 2024-08-08T00:17:14.586Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/10158 http://securitytracker.com/id?1009825 http://secunia.com/advisories/11392 https://exchange.xforce.ibmcloud.com/vulnerabilities/15882 http://www.osvdb.org/5402	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.