Allaire Coldfusion Server — known CVE vulnerabilities
Every CVE whose affected-product data names Allaire Coldfusion Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-1999-0760 — CVSS 10.0 (critical): Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
CVE-1999-0455 — CVSS 7.5 (high): The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm…
CVE-2000-0057 — CVSS 7.5 (high): Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system…
CVE-1999-0477 — CVSS 7.5 (high): The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm…
CVE-1999-0923 — CVSS 7.5 (high): Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server…
CVE-2001-1120 — CVSS 6.4 (medium): Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite…
CVE-2000-0538 — CVSS 5.0 (medium): ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
CVE-2002-0576 — CVSS 5.0 (medium): ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP…
CVE-1999-0756 — CVSS 5.0 (medium): ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
CVE-1999-0922 — CVSS 5.0 (medium): An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
CVE-1999-0924 — CVSS 5.0 (medium): The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
CVE-2000-0189 — CVSS 5.0 (medium): ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or…
CVE-2000-0410 — CVSS 5.0 (medium): ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file…
CVE-1999-0757 — CVSS 2.1 (low): The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.