Macromedia ColdFusion MX CreateObject和Java Extensibility过弱漏洞

运行CreateObject函数或CFOBJECT标签有效的Macromedia ColdFusion MX 6.0和6.1版本应用服务器存在漏洞。本地用户可以通过创建使用CreateObject或 CFOBJECT的CFML脚本实施未授权行为和获取管理员密码。

The vendor has released advisory MPSB04-10 to address this issue. Please see the referenced advisory for further information.

来源: XF
名称: coldfusion-gain-access(17567)
链接:http://xforce.iss.net/xforce/xfdb/17567

来源: BID
名称: 11364
链接:http://www.securityfocus.com/bid/11364

来源: BUGTRAQ
名称: 20040930 CFMX vulnerability
链接:http://www.securityfocus.com/archive/1/377213

来源: www.macromedia.com
链接:http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html

来源: SECUNIA
名称: 12693
链接:http://secunia.com/advisories/12693