Vulnerability Details CVE-2005-4343
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/18078
- http://securitytracker.com/id?1015369
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
- http://www.securityfocus.com/bid/15904
- http://www.vupen.com/english/advisories/2005/2948
- http://secunia.com/advisories/18078
- http://securitytracker.com/id?1015369
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
- http://www.securityfocus.com/bid/15904
- http://www.vupen.com/english/advisories/2005/2948
Products affected by CVE-2005-4343
-
cpe:2.3:a:macromedia:coldfusion:6.0
-
cpe:2.3:a:macromedia:coldfusion:6.1
-
cpe:2.3:a:macromedia:coldfusion:7.0