CVE-2005-4342

3 documents3 sources
Severity
7.5HIGH
EPSS
1.0%
top 23.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Coldfusion
Timeline
PublishedDec 19
Latest updateMay 1

Description

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmacromedia/coldfusion6.0, 6.1, 7.0+2

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.macromedia.com

🔴Vulnerability Details

2
GHSA
GHSA-pgj6-vc56-h2jc: ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 62022-05-01
CVEList
CVE-2005-4342: ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 62005-12-17
CVE-2005-4342 (HIGH CVSS 7.5) | ColdFusion Sandbox on Adobe (former | cvebase.io