CVE-2005-4345

Properties

Published:
17.12.2005
Updated:
19.12.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Product:
Macromedia: ColdFusion MX

Vulnerability description

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

References:

http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html: http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
BID: http://www.securityfocus.com/bid/15904
FRSIRT: http://www.frsirt.com/english/advisories/2005/2948
SECTRACK: http://securitytracker.com/id?1015371
SECUNIA: http://secunia.com/advisories/18078