Adobe ColdFusion MX 7 up to and including 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote malicious users to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion |
||
adobe jrun 4.0 |