CVSS: 8.1EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
31 Dec 2004 — JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 9.1EPSS: 10%CPEs: 11EXPL: 0CVE-2004-0928
https://notcve.org/view.php?id=CVE-2004-0928
05 Oct 2004 — The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1816
https://notcve.org/view.php?id=CVE-2004-1816
15 Mar 2004 — Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 •
CVSS: 7.5EPSS: 9%CPEs: 12EXPL: 0CVE-2004-1815
https://notcve.org/view.php?id=CVE-2004-1815
15 Mar 2004 — Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). • http://marc.info/?l=bugtraq&m=107936690702515&w=2 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0535
https://notcve.org/view.php?id=CVE-2001-0535
12 Oct 2001 — Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. • http://www.allaire.com/Handlers/index.cfm?ID=21700 •