VULHUB ™

It is reported that ColdFusion MX contains a weakness that allows all developers to utilize the CFOBJECT tag and the CreateObject function to execute potentially malicious code in the context of the affected application server. This weakness allows malicious developers to execute code that is not appropriate for a shared server environment, or to perform administrative actions in the context of the affected application server. Malicious developers may possibly exploit this weakness to aid them in further application or system attacks. Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be affected by this weakness.

It is reported that ColdFusion MX contains a weakness that allows all developers to utilize the CFOBJECT tag and the CreateObject function to execute potentially malicious code in the context of the affected application server. This weakness allows malicious developers to execute code that is not appropriate for a shared server environment, or to perform administrative actions in the context of the affected application server. Malicious developers may possibly exploit this weakness to aid them in further application or system attacks. Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be affected by this weakness.