CVE-2007-1874 Information
Description
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp (2) CFReportBuilderInstaller.exe (3) .com.zerog.registry.xml (4) uninstall.lax (5) license.txt (6) Readme.htm (7) .com.zerog.registry.xml (8) k2adminstop or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
Reference
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510 http://osvdb.org/34930 http://secunia.com/advisories/24850 http://www.adobe.com/support/security/bulletins/apsb07-08.html http://www.securityfocus.com/bid/23405 http://www.securitytracker.com/id?1017899 http://www.vupen.com/english/advisories/2007/1341 https://exchange.xforce.ibmcloud.com/vulnerabilities/33571
Share on: