CVE-2004-0928

N/A Unknown

Published: October 05, 2004 Modified: April 16, 2026

Description

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://marc.info/?l=bugtraq&m=109621995623823&w=2

Source: cve@mitre.org

http://secunia.com/advisories/12638/

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/12647/

Source: cve@mitre.org

Patch Vendor Advisory

http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities

Source: cve@mitre.org

Patch Vendor Advisory

http://www.kb.cert.org/vuls/id/977440

Source: cve@mitre.org

Patch Third Party Advisory US Government Resource

http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securityfocus.com/bid/11245

Source: cve@mitre.org

Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17484

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109621995623823&w=2