CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2330
https://notcve.org/view.php?id=CVE-2004-2330
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html http://www.securityfocus.com/bid/9522 https://exchange.xforce.ibmcloud.com/vulnerabilities/14983 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2331
https://notcve.org/view.php?id=CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html http://www.securityfocus.com/bid/9521 https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/584958 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17481 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2204
https://notcve.org/view.php?id=CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. • http://secunia.com/advisories/12693 http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html http://www.osvdb.org/10718 http://www.securityfocus.com/archive/1/377213 http://www.securityfocus.com/bid/11364 https://exchange.xforce.ibmcloud.com/vulnerabilities/17567 •