CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1022
https://notcve.org/view.php?id=CVE-2005-1022
ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111290407411801&w=2 http://www.macromedia.com/devnet/security/security_zone/mpsb05-02.html •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2CVE-2004-2505 – Macromedia ColdFusion MX 6.0 - Oversized Error Message Denial of Service
https://notcve.org/view.php?id=CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. • https://www.exploit-db.com/exploits/24013 http://archives.neohapsis.com/archives/bugtraq/2004-04/0184.html http://www.securityfocus.com/bid/10163 https://exchange.xforce.ibmcloud.com/vulnerabilities/15895 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2330
https://notcve.org/view.php?id=CVE-2004-2330
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html http://www.securityfocus.com/bid/9522 https://exchange.xforce.ibmcloud.com/vulnerabilities/14983 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2331
https://notcve.org/view.php?id=CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html http://www.securityfocus.com/bid/9521 https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 http://secunia.com/advisories/12638 http://www.kb.cert.org/vuls/id/584958 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17481 •