CVE-2005-4342

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html	Patch
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html	Patch
http://www.securityfocus.com/bid/15904	Patch
http://securitytracker.com/id?1015369	Patch Vendor Advisory
http://secunia.com/advisories/18078	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2005/2948

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:macromedia:coldfusion:7.0:::::::*
	cpe:2.3:a:macromedia:coldfusion:6.0:::::::*
	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*
	cpe:2.3:a:macromedia:coldfusion:6.1::enterprise_with_jrun:::::
	cpe:2.3:a:macromedia:coldfusion:6.1::j2ee_application_server:::::

Information

Published : 2005-12-18 19:47

Updated : 2011-03-07 18:28

NVD link : CVE-2005-4342

Mitre link : CVE-2005-4342

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

macromedia

coldfusion

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html", "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/15904", "name": "15904", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015369", "name": "1015369", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/18078", "name": "18078", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2005/2948", "name": "ADV-2005-2948", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4342", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-19T03:47Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.1:*:enterprise_with_jrun:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:28Z"}