National Cyber-Alert System
Vulnerability Summary: CVE-1999-0477
Original release date: 1999-12-25
Source: US-CERT/NIST

Overview

    The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.

Impact

    CVSS Severity: 8 (High)
    Range: local,remote
    Authentication: access,design
    Impact Type: int,sec_prot other="1"

Reference to Advisories, Solutions, and Tools

    External Source: Security Focus
    Name: Allaire ColdFusion Remote File Display, Deletion, Upload and Execution Vulnerability
    Hyperlink: http://www.securityfocus.com/bid/115

Vulnerable Software and Vendor

    ColdFusion Server (Allaire)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0477