CyberSec.Space Logo
Back to CVE Browser

CVE-1999-0477

HIGH
7.5
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile6.72th
PublishedDec 25, 1999
Last ModifiedApr 16, 2026

Vulnerability Description

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

Affected Platforms (CPE)

πŸ“¦
Allaire

Coldfusion Server

= 2.0
πŸ“¦
Allaire

Coldfusion Server

= 3.0
πŸ“¦
Allaire

Coldfusion Server

= 3.01
πŸ“¦
Allaire

Coldfusion Server

= 3.11
πŸ“¦
Allaire

Coldfusion Server

= 3.12
πŸ“¦
Allaire

Coldfusion Server

= 4.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/115
πŸ”— http://www.securityfocus.com/bid/115

Related Vulnerabilities

CVE-2016-42648.6

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to rea...

CVE-2025-618138.2

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ...

CVE-1999-11247.5

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by provid...

CVE-1999-04557.5

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprca...