7.2

CVE-2007-1874

EPSS 0.15%
Veröffentlicht 11.04.2007 22:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version7.0 Editionlinux

Adobe ≫ Coldfusion Version7.0 Editionsolaris

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.36

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510

Vendor Advisory

http://osvdb.org/34930

http://secunia.com/advisories/24850

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb07-08.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/23405

http://www.securitytracker.com/id?1017899

http://www.vupen.com/english/advisories/2007/1341

https://exchange.xforce.ibmcloud.com/vulnerabilities/33571

https://nvd.nist.gov/vuln/detail/CVE-2007-1874

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1874

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1874

EUVD