CVE-1999-1124

Allaire Coldfu — NVD-CWE-Other

EPSS 0.00311
  • Published: 1999-12-31T05:00:00.000
  • Last modified: 2025-04-03T01:03:51.193
  • Vendors: Allaire
  • Products: Coldfu
  • CWE: NVD-CWE-Other

CVE-1999-1124 — HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. [Weakness: NVD-CWE-Other]

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No items for this vendor.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.

🧠 Explainer: What this vulnerability means

Summary: A flaw in Coldfu from Allaire (CWE: unspecified) can be exploited.

Impact: It may allow privilege escalation, data exposure, or service interruption.

Mitigation: Prioritize patching and consider temporary workarounds documented by the vendor.

CWE: NVD-CWE-Other
Allaire Coldfu

No explicit mitigation/advisory links found in references.