CVE-2007-1278
Published 2007-03-16
Priority P4 · 24 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS 25.62% · 97.7th percentile
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | jrun | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat · 6.8 · MEDIUM
GHSA
GHSA-qv5g-8mxx-qwcq: Unspecified vulnerability in the IIS connector in Adobe JRun 4
ghsa_unreviewed·2022-05-01
CVE-2007-1278 [MEDIUM] GHSA-qv5g-8mxx-qwcq: Unspecified vulnerability in the IIS connector in Adobe JRun 4
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
Red Hat
lftp mirror --script does not escape names and targets of symbolic links
vendor_redhat·2007-01-09·CVSS 6.8
CVE-2007-2348 [MEDIUM] lftp mirror --script does not escape names and targets of symbolic links
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Statement: This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3.
This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html
The Red Hat Security Response Team has rated this issue as having low security impact; this issue will not be fixed in Red Hat Enterprise Linux 4.
Package: lftp (Red Hat Enterprise
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/34039
http://secunia.com/advisories/24488
http://www.adobe.com/support/security/bulletins/apsb07-07.html
http://www.securityfocus.com/bid/22958
http://www.securitytracker.com/id?1017752
http://www.vupen.com/english/advisories/2007/0932
https://exchange.xforce.ibmcloud.com/vulnerabilities/32994