CVE-2005-4343

3 documents3 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 19.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Macromedia Coldfusion

Timeline

PublishedDec 19

Latest updateMay 1

Description

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmacromedia/coldfusion6.0, 6.1, 7.0+2

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.macromedia.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvph-v5gg-8pcr: Adobe (formerly Macromedia) ColdFusion MX 6↗2022-05-01

▶

CVEList

CVE-2005-4343: Adobe (formerly Macromedia) ColdFusion MX 6↗2005-12-17

▶