Vulnerability Details CVE-1999-0477
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-1999-0477
-
cpe:2.3:a:allaire:coldfusion_server:2.0
-
cpe:2.3:a:allaire:coldfusion_server:3.0
-
cpe:2.3:a:allaire:coldfusion_server:3.01
-
cpe:2.3:a:allaire:coldfusion_server:3.11
-
cpe:2.3:a:allaire:coldfusion_server:3.12
-
cpe:2.3:a:allaire:coldfusion_server:4.0