Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-2331 | First vendor Publication | 2004-12-31 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 5.5 | ||
Base Score | 5.5 | Environmental Score | 5.5 |
impact SubScore | 3.6 | Temporal Score | 5.5 |
Exploitabality Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2331 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3752 | ColdFusion MX Java Reflections Sandbox Bypass Macromedia ColdFusion MX and Macromedia ColdFusion MX J2EE contains a flaw that may allow a malicious local user to bypass the sandbox restrictions. The issue is triggered when creating Java objects without using CreateObject() or <cfobject> even if these features are disabled occurs. It is possible that the flaw may allow local users to bypass the sandbox restrictions. |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:22:44 |
|
2024-11-28 12:06:31 |
|
2024-01-25 09:27:53 |
|
2021-05-04 12:02:37 |
|
2021-04-22 01:02:49 |
|
2020-05-23 00:16:09 |
|
2017-07-11 12:01:43 |
|
2016-04-26 13:08:30 |
|
2013-05-11 11:48:38 |
|