Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Macromedia ColdFusion MX安全模型欺骗漏洞
Vulnerability Description
Macromedia ColdFusion MX Server是一款强大的WEB应用服务程序,可以自动建立站点和WEB应用程序。 Macromedia ColdFusion MX Server存在一个安全Sandbox欺骗问题,攻击者可绕过一些安全检查,进行恶意攻击。 通过不使用CreateObject()或<cfobject>建立Java对象,而sandbox却没有任何安全防止措施。sandbox不能通过外部进行欺骗破坏,但编程者在一个共享的环境下可能存在此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A