Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for cosminexus_enterprise by hitachi

    CVE-2004-0928 (GCVE-0-2004-0928)

    Vulnerability from cvelistv5 – Published: 2005-04-21 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=109621995623823&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/12647/ third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/977440 third-party-advisoryx_refsource_CERT-VN
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://www.securityfocus.com/bid/11245 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/12638/ third-party-advisoryx_refsource_SECUNIA
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    Date Public
    2004-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:48.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
              },
              {
                "name": "12647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12647/"
              },
              {
                "name": "VU#977440",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/977440"
              },
              {
                "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
              },
              {
                "name": "11245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11245"
              },
              {
                "name": "coldfusion-jrun-restriction-bypass(17484)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
              },
              {
                "name": "12638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12638/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in \";.cfm\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040923 New Macromedia Security Zone Bulletins Posted",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
            },
            {
              "name": "12647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12647/"
            },
            {
              "name": "VU#977440",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/977440"
            },
            {
              "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
            },
            {
              "name": "11245",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11245"
            },
            {
              "name": "coldfusion-jrun-restriction-bypass(17484)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
            },
            {
              "name": "12638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12638/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0928",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in \";.cfm\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
                },
                {
                  "name": "12647",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12647/"
                },
                {
                  "name": "VU#977440",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/977440"
                },
                {
                  "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
                },
                {
                  "name": "11245",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11245"
                },
                {
                  "name": "coldfusion-jrun-restriction-bypass(17484)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
                },
                {
                  "name": "12638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12638/"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0928",
        "datePublished": "2005-04-21T04:00:00.000Z",
        "dateReserved": "2004-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:48.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1478 (GCVE-0-2004-1478)

    Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
    VLAI
    Summary
    JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=109621995623823&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/11245 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/584958 third-party-advisoryx_refsource_CERT-VN
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/12638/ third-party-advisoryx_refsource_SECUNIA
    Date Public
    2004-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:53:23.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "jrun-jsessionid-hijack(17481)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
              },
              {
                "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
              },
              {
                "name": "11245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11245"
              },
              {
                "name": "VU#584958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/584958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
              },
              {
                "name": "12638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12638/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "jrun-jsessionid-hijack(17481)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
            },
            {
              "name": "20040923 New Macromedia Security Zone Bulletins Posted",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
            },
            {
              "name": "11245",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11245"
            },
            {
              "name": "VU#584958",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/584958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
            },
            {
              "name": "12638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12638/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "jrun-jsessionid-hijack(17481)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
                },
                {
                  "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
                },
                {
                  "name": "11245",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11245"
                },
                {
                  "name": "VU#584958",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/584958"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
                },
                {
                  "name": "12638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12638/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1478",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:53:23.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1478 (GCVE-0-2004-1478)

    Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
    VLAI
    Summary
    JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=109621995623823&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/11245 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/584958 third-party-advisoryx_refsource_CERT-VN
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/12638/ third-party-advisoryx_refsource_SECUNIA
    Date Public
    2004-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:53:23.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "jrun-jsessionid-hijack(17481)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
              },
              {
                "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
              },
              {
                "name": "11245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11245"
              },
              {
                "name": "VU#584958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/584958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
              },
              {
                "name": "12638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12638/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "jrun-jsessionid-hijack(17481)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
            },
            {
              "name": "20040923 New Macromedia Security Zone Bulletins Posted",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
            },
            {
              "name": "11245",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11245"
            },
            {
              "name": "VU#584958",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/584958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
            },
            {
              "name": "12638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12638/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "jrun-jsessionid-hijack(17481)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17481"
                },
                {
                  "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
                },
                {
                  "name": "11245",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11245"
                },
                {
                  "name": "VU#584958",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/584958"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
                },
                {
                  "name": "12638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12638/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1478",
        "datePublished": "2005-02-13T05:00:00.000Z",
        "dateReserved": "2005-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:53:23.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0928 (GCVE-0-2004-0928)

    Vulnerability from nvd – Published: 2005-04-21 04:00 – Updated: 2024-08-08 00:31
    VLAI
    Summary
    The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=109621995623823&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/12647/ third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/977440 third-party-advisoryx_refsource_CERT-VN
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://www.securityfocus.com/bid/11245 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://secunia.com/advisories/12638/ third-party-advisoryx_refsource_SECUNIA
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    Date Public
    2004-09-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:31:48.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
              },
              {
                "name": "12647",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12647/"
              },
              {
                "name": "VU#977440",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/977440"
              },
              {
                "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
              },
              {
                "name": "11245",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11245"
              },
              {
                "name": "coldfusion-jrun-restriction-bypass(17484)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
              },
              {
                "name": "12638",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/12638/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-09-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in \";.cfm\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040923 New Macromedia Security Zone Bulletins Posted",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
            },
            {
              "name": "12647",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12647/"
            },
            {
              "name": "VU#977440",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/977440"
            },
            {
              "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
            },
            {
              "name": "11245",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11245"
            },
            {
              "name": "coldfusion-jrun-restriction-bypass(17484)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
            },
            {
              "name": "12638",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/12638/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0928",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in \";.cfm\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040923 New Macromedia Security Zone Bulletins Posted",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2"
                },
                {
                  "name": "12647",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12647/"
                },
                {
                  "name": "VU#977440",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/977440"
                },
                {
                  "name": "20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=148\u0026type=vulnerabilities"
                },
                {
                  "name": "11245",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11245"
                },
                {
                  "name": "coldfusion-jrun-restriction-bypass(17484)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17484"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
                },
                {
                  "name": "12638",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/12638/"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0928",
        "datePublished": "2005-04-21T04:00:00.000Z",
        "dateReserved": "2004-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:31:48.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }