Published: 07/06/2000 Updated: 10/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ColdFusion Administrator for ColdFusion 4.5.1 and previous versions allows remote malicious users to cause a denial of service via a long login password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
allaire coldfusion server 3.01
allaire coldfusion server 3.1
allaire coldfusion server 4.0
allaire coldfusion server 4.0.1
allaire coldfusion server 3.11
allaire coldfusion server 3.12
allaire coldfusion server 2.0
allaire coldfusion server 3.0
allaire coldfusion server 4.5
allaire coldfusion server 4.5.1

source: wwwsecurityfocuscom/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 451 or previous by inputting a string of over 40 000 characters to the password field in the Administrator login page CPU u ...

NVD-CWE-Other http://www.securityfocus.com/bid/1314 http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full http://www.osvdb.org/3399 http://marc.info/?l=bugtraq&m=96045469627806&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/4611 https://nvd.nist.gov https://www.exploit-db.com/exploits/19996/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0538

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect