Allaire: >> Coldfusion Server Security Vulnerabilities
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-03-01
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
CVSS Score
7.5
EPSS Score
0.032
Published
2000-01-04
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
CVSS Score
7.5
EPSS Score
0.091
Published
1999-12-25
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
CVSS Score
7.5
EPSS Score
0.069
Published
1999-12-25
Page 2