CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/377213
http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html	Vendor Advisory
http://www.securityfocus.com/bid/11364
http://www.osvdb.org/10718
http://secunia.com/advisories/12693	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17567

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:macromedia:coldfusion:6.0:::::::*
	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2204

Mitre link : CVE-2004-2204

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

macromedia

coldfusion

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/377213", "name": "20040930 CFMX vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html", "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/11364", "name": "11364", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/10718", "name": "10718", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/12693", "name": "12693", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17567", "name": "coldfusion-gain-access(17567)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2204", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}