CVE Daily
← All tags

Tag: Adobe ColdFusion

All CVEs associated with "Adobe ColdFusion". Page 3/3 • 260 CVEs.

Subscribe CVEs: RSS for “Adobe ColdFusion”  ·  RSS (High+Critical only)

About “Adobe ColdFusion”

A curated feed of “Adobe ColdFusion”-related CVEs appears below. We currently track 260 CVEs for this tag (all time). In the last 365 days, 33 were published. Average CVSS is 6.7 (all time; 6.6 over 365d), and 51% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-20 - Improper Input Validation, CWE-611 - Improper Restriction of XML External Entity Reference, CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2002-12-31
Medium

CVE-2002-1992

Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.

CVSS: 5.0 CWE: N/A View on NVD
2002-11-29
High

CVE-2002-1309

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm…

CVSS: 7.5 CWE: N/A View on NVD
2002-06-18
Medium

CVE-2002-0576

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, whi…

CVSS: 5.0 CWE: N/A View on NVD
2001-12-31
Critical

CVE-2001-1514

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE…

CVSS: 10.0 CWE: N/A View on NVD
2001-10-30
High

CVE-2001-0535

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or exe…

CVSS: 7.5 CWE: N/A View on NVD
2001-07-11
Medium

CVE-2001-1120

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2001-1427

Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.

CVSS: 7.5 CWE: N/A View on NVD
2001-03-12
Medium

CVE-1999-0756

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-1999-0757

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.

CVSS: 2.1 CWE: N/A View on NVD
Critical

CVE-1999-0760

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-1999-0922

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-1999-0923

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-1999-0924

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

CVSS: 5.0 CWE: N/A View on NVD
2000-06-07
Medium

CVE-2000-0538

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

CVSS: 5.0 CWE: N/A View on NVD
2000-05-10
Medium

CVE-2000-0410

ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

CVSS: 5.0 CWE: N/A View on NVD
2000-05-08
Low

CVE-2000-0382

ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

CVSS: 2.6 CWE: N/A View on NVD
2000-03-01
Medium

CVE-2000-0189

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

CVSS: 5.0 CWE: N/A View on NVD
1999-12-31
High

CVE-1999-1124

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which reques…

CVSS: 7.5 CWE: N/A View on NVD
1999-12-25
High

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-1999-0477

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

CVSS: 7.5 CWE: N/A View on NVD