CVE-2006-5858

Name: CVE-2006-5858
Creator: NVD / NIST
Published: 2006-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.91%

Last modified Jun 16, 2026

CVE-2006-5858 is a vulnerability of currently unknown severity. Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.. EPSS estimates a 12.91% chance of exploitation in the next 30 days.

Description

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

Metrics

EPSS Probability

12.91%

95.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Adobe	Coldfusion	>= 7.0, <= 7.0.2
Adobe	Jrun	4.0

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466Broken Link
http://osvdb.org/32123Broken Link
http://secunia.com/advisories/23668Third Party Advisory
http://securitytracker.com/id?1017490Third Party Advisory, VDB Entry
http://www.adobe.com/support/security/bulletins/apsb07-02.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/457799/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/21978Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/0116Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31411Third Party Advisory, VDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466Broken Link
http://osvdb.org/32123Broken Link
http://secunia.com/advisories/23668Third Party Advisory
http://securitytracker.com/id?1017490Third Party Advisory, VDB Entry
http://www.adobe.com/support/security/bulletins/apsb07-02.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/457799/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/21978Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/0116Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31411Third Party Advisory, VDB Entry

Timeline

Published: Dec 31, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5858?

How severe is CVE-2006-5858?

Severity scoring for CVE-2006-5858 is pending analysis. The EPSS model estimates a 12.91% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5858?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5858?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST