CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2008-1203
https://notcve.org/view.php?id=CVE-2008-1203
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. El interfaz de administración para Adobe ColdFusion 8 y ColdFusion MX7 no registra los intentos de conexión fallidos, lo que provoca que que ataques de fuerza bruta de atacantes remotos no sean detectados. • http://secunia.com/advisories/29332 http://www.adobe.com/support/security/bulletins/apsb08-08.html http://www.securityfocus.com/bid/28207 http://www.securitytracker.com/id?1019600 http://www.vupen.com/english/advisories/2008/0862/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41150 •
CVSS: 6.8EPSS: 4%CPEs: 2EXPL: 0CVE-2007-5905
https://notcve.org/view.php?id=CVE-2007-5905
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. Adobe ColdFusion 8 y MX 7 permiten a atacantes remotos secuestrar sesiones mediante vectores no especificados que provocan el establecimiento de una sesión con una aplicación ColdFusion el la cual las cookies (1) CFID o (2) CFTOKEN tiene valores vacíos, posiblemente debido a una vulnerabilidad de fijación de sesión. • http://osvdb.org/41478 http://secunia.com/advisories/27644 http://securitytracker.com/id?1018944 http://www.adobe.com/go/kb402805 http://www.adobe.com/support/security/bulletins/apsb07-19.html http://www.securityfocus.com/bid/26429 http://www.vupen.com/english/advisories/2007/3859 https://exchange.xforce.ibmcloud.com/vulnerabilities/38446 • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3979
https://notcve.org/view.php?id=CVE-2006-3979
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. La AdminAPI de ColdFusion MX 7 permite a atacantes remotos evitar autenticación usando "acceso programático" a la adminAPI en vez del Administrador ColdFusion. • http://secunia.com/advisories/21421 http://securitytracker.com/id?1016660 http://www.adobe.com/support/security/bulletins/apsb06-10.html http://www.securityfocus.com/bid/19426 http://www.vupen.com/english/advisories/2006/3224 https://exchange.xforce.ibmcloud.com/vulnerabilities/28294 •