CVE-2007-1874

Description

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33571

http://www.vupen.com/english/advisories/2007/1341

http://www.securitytracker.com/id?1017899

http://www.securityfocus.com/bid/23405

http://www.adobe.com/support/security/bulletins/apsb07-08.html

http://secunia.com/advisories/24850

http://osvdb.org/34930

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=510

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3