CVE-1999-0455

HIGH

7.5

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile32.43th

PublishedDec 25, 1999

Last ModifiedApr 16, 2026

Vulnerability Description

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

Affected Platforms (CPE)

📦

Allaire

Coldfusion Server

= 4.0

References & Advisories

🔗 http://www.securityfocus.com/bid/115

Related Vulnerabilities

CVE-2016-42648.6

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to rea...

CVE-2025-618138.2

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ...

CVE-1999-11247.5

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by provid...

CVE-1999-04777.5

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile....