CVE-2005-4342

Properties

Published: 17.12.2005
Updated: 19.12.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product: Macromedia: ColdFusion MX

Vulnerability description

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

References:

http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
BID: http://www.securityfocus.com/bid/15904
FRSIRT: http://www.frsirt.com/english/advisories/2005/2948
SECTRACK: http://securitytracker.com/id?1015369
SECUNIA: http://secunia.com/advisories/18078