CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-1999-0477

HIGH
7.5
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile6.72th
Published1999年12月25日
Last Modified2026年4月16日

Vulnerability Description

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

Affected Platforms (CPE)

📦
Allaire

Coldfusion Server

= 2.0
📦
Allaire

Coldfusion Server

= 3.0
📦
Allaire

Coldfusion Server

= 3.01
📦
Allaire

Coldfusion Server

= 3.11
📦
Allaire

Coldfusion Server

= 3.12
📦
Allaire

Coldfusion Server

= 4.0

References & Advisories

🔗 http://www.securityfocus.com/bid/115
🔗 http://www.securityfocus.com/bid/115

相關漏洞威脅

CVE-2016-42648.6

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to rea...

CVE-2025-618138.2

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ...

CVE-1999-11247.5

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by provid...

CVE-1999-04557.5

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprca...