| CVE-ID | ||
|---|---|---|
CVE-1999-0455 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
|
| Description | ||
| The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. | ||
| References | ||
| Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | ||
|
||
| Assigning CNA | ||
| MITRE Corporation | ||
| Date Record Created | ||
| 19990607 | Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. | |
| Phase (Legacy) | ||
| Modified (19991210) | ||
| Votes (Legacy) | ||
| ACCEPT(3) Balinsky, Frech, Ozancin MODIFY(1) Wall NOOP(1) Baker REVIEWING(1) Christey |
||
| Comments (Legacy) | ||
Wall> The reference should be ASB99-01 (Expression Evaluator Security Issues) make application plural since there are three sample applications (openfile.cfm, displayopenedfile.cfm, and exprcalc.cfm). Christey> The CD:SF-EXEC and CD:SF-LOC content decisions apply here. Since there are 3 separate "executables" with the same (or similar) problem, we need to make sure that CD:SF-EXEC determines what to do here. There is evidence that some of these .cfm scripts have an "include" file, and if so, then CD:SF-LOC says that we shouldn't make separate entries for each of these scripts. On the other hand, the initial L0pht discovery didn't include all 3 of these scripts, and as far as I can tell, Allaire had patched the first problem before the others were discovered. So, CD:DISCOVERY-DATE may argue that we should split these because the problems were discovered and patched at different times. In any case, this candidate can not be accepted until the Editorial Board has accepted the CD:SF-EXEC, CD:SF-LOC, and CD:DISCOVERY-DATE content decisions. |
||
| Proposed (Legacy) | ||
| 19990726 | ||
| This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. | ||
|
You can also search by reference using the CVE Reference Maps.
|
||
| For More Information: CVE Request Web Form (select "Other" from dropdown) | ||
