CVE-2001-0535 Information

Description

Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host’s domain which allows remote attackers to conduct upload read or execute files by spoofing the \HTTP Host\ (CGI.Host) variable in (1) the \Web Publish\ example script and (2) the \Email\ example script.

Reference

http://www.allaire.com/Handlers/index.cfm?ID=21700 http://xforce.iss.net/alerts/advise92.php