Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2505

4 documents4 sources
Severity
5.0MEDIUM
EPSS
31.3%
top 3.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Macromedia Coldfusion
Timeline
PublishedDec 31
Latest updateApr 29

Description

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDmacromedia/coldfusion5.0, 6.0+1

Patches

Patch: www.securityfocus.com โ†—Patch: www.securityfocus.com โ†—

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-9cmf-77hw-89cq: Macromedia ColdFusion MX before 6โ†—2022-04-29
โ–ถ
CVEList
CVE-2004-2505: Macromedia ColdFusion MX before 6โ†—2005-10-25
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Serviceโ†—2004-04-17
โ–ถ
CVE-2004-2505 (MEDIUM CVSS 5) | Macromedia ColdFusion MX before 6.1 | cvebase.io