Is CVE-2004-0928 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hitachi Cosminexus_enterprise

CVE-2004-0928

The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".

EPSS: 0.041 (89.4th percentile) — read the EPSS interpretation.

Affected products

Hitachi Cosminexus_enterprise — versions 01_01_1, 01_02_2
Hitachi Cosminexus_server — versions web_01-01_1, web_01-01_2
Macromedia Coldfusion — versions 6.0, 6.1
Macromedia Jrun — versions 3.0, 3.1, 4.0
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (US Government Resource, x_refsource_CERT-VN, Patch, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_IDEFENSE, Patch, Vendor Advisory, third-party-advisory)
cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2004-0928?: CVE-2004-0928 is a vulnerability in Hitachi Cosminexus_enterprise. Published 2004-10-05.
Is CVE-2004-0928 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.