Vulnerability Details CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.2%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2001-0535
-
cpe:2.3:a:macromedia:coldfusion_server:4.x