Detections
Analytics
Adobe ColdFusion Multiple Vulnerabilities (APSB11-14) (credentialed check)
medium Nessus Plugin ID 55542
Language:
Synopsis
A web-based application running on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe ColdFusion running on the remote Windows host is affected by an unspecified cross-site request forgery (XSRF) vulnerability and a denial of service (DoS) vulnerably. Versions 8, 8.0.1, 9, and 9.0.1 are affected.A remote attacker can exploit the XSRF vulnerability by tricking a user into making a malicious request, resulting in administrative access. The DoS vulnerability can be exploited to impact availability in an unspecified manner.
Solution
Apply the relevant hotfixes referenced in the Adobe advisory.See Also
https://www.adobe.com/support/security/bulletins/apsb11-14.html
Plugin Details
Severity: Medium
ID: 55542
File Name: coldfusion_win_apsb11-14.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows
Published: 7/8/2011
Updated: 6/12/2020
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:adobe:coldfusion
Required KB Items: SMB/coldfusion/instance
Exploit Ease: No known exploits are available
Patch Publication Date: 6/14/2011
Vulnerability Publication Date: 6/14/2011
Reference Information
CVE: CVE-2011-0629, CVE-2011-2091