{"vuid":"VU#321475","idnumber":"321475","name":"Allaire ColdFusion Server contains vulnerability allowing templates to be overwritten by zero byte file of the same name","keywords":["Allaire ColdFusion Server","templates","zero byte file","cold fusion"],"overview":"A vulnerability exists in Allaire ColdFusion Server which allows an attacker to overwrite ColdFusion Server templates with zero byte files.","clean_desc":"A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to overwrite ColdFusion Server templates with zero byte files. For more information on this vulnerability and versions affected, please see the Macromedia Product Security Bulletin (MPSB01-07).","impact":"This vulnerability may allow an attacker to alter or destroy data on the target host. Note that this attack does not depend on how the targeted site's ColdFusion application is coded in the ColdFusion Markup Language (CFML).","resolution":"Apply the following patches available from Allaire: Windows Editions\nSolairs Editions\nLinux Editions\nHP-UX Editions","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported to the CERT/CC by Macromedia on July 11, 2001.","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/3023","http://www.allaire.com/handlers/index.cfm?id=21566"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-07-12T15:28:43Z","publicdate":"2001-07-11T00:00:00Z","datefirstpublished":"2001-08-03T13:12:07Z","dateupdated":"2001-08-03T13:12:08Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"9.36","cam_scorecurrentwidelyknown":"10.8","cam_scorecurrentwidelyknownexploited":"18","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.36,"vulnote":null}