CVE-2001-1120

Description

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

Affected products

• allaire / coldfusion_server2.0 – 2.0
• allaire / coldfusion_server3.0 – 3.0
• allaire / coldfusion_server3.0.1 – 3.0.1
• allaire / coldfusion_server3.1 – 3.1
• allaire / coldfusion_server3.1.1 – 3.1.1
• allaire / coldfusion_server3.1.2 – 3.1.2
• allaire / coldfusion_server4.0 – 4.0
• allaire / coldfusion_server4.0.1 – 4.0.1
• allaire / coldfusion_server4.5 – 4.5
• allaire / coldfusion_server4.5.1 – 4.5.1
• allaire / coldfusion_server4.5.1_sp1 – 4.5.1_sp1
• allaire / coldfusion_server4.5.1_sp2 – 4.5.1_sp2

References

• MISChttp://www.securityfocus.com/bid/3018
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6839
• MISChttp://www.securityfocus.com/archive/1/196452
• MISChttp://www.allaire.com/handlers/index.cfm?id=21566
• MISChttp://www.kb.cert.org/vuls/id/135531