) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2008-0643 |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: March 11, 2008; 8:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2008-0644 |
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. Published: March 11, 2008; 8:44:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2008-1203 |
The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection. Published: March 11, 2008; 8:44:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2007-5905 |
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. Published: November 15, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |