Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-2331 | First vendor Publication | 2004-12-31 |
| Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2331 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3752 | ColdFusion MX Java Reflections Sandbox Bypass Macromedia ColdFusion MX and Macromedia ColdFusion MX J2EE contains a flaw that may allow a malicious local user to bypass the sandbox restrictions. The issue is triggered when creating Java objects without using CreateObject() or <cfobject> even if these features are disabled occurs. It is possible that the flaw may allow local users to bypass the sandbox restrictions. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:02:37 |
|
| 2021-04-22 01:02:49 |
|
| 2020-05-23 00:16:09 |
|
| 2017-07-11 12:01:43 |
|
| 2016-04-26 13:08:30 |
|
| 2013-05-11 11:48:38 |
|
