CVE Vulnerability

CVE-2007-1874

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.adobe.com/support/security/bulletins/apsb07-08.html Patch Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510 Vendor Advisory
http://secunia.com/advisories/24850 Vendor Advisory
http://www.securityfocus.com/bid/23405
http://www.securitytracker.com/id?1017899
http://osvdb.org/34930
http://www.vupen.com/english/advisories/2007/1341
https://exchange.xforce.ibmcloud.com/vulnerabilities/33571
Configurations

Configuration 1

cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
Information

Published : 2007-04-11 10:19

Updated : 2017-07-29 01:31

NVD link : CVE-2007-1874

Mitre link : CVE-2007-1874

Products Affected
No products.
CWE
NVD-CWE-Other