Adobe ColdFusion Component Browser Vulnerability
Last Update Date:
13 Jun 2012 15:09
Release Date:
13 Jun 2012
5060
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
A vulnerability has been identified in Adobe ColdFusion. A remote user can conduct HTTP response splitting attacks.
A remote user can submit a specially crafted URL to cause the target server to return a split response. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks.
Impact
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Adobe ColdFusion versions 8.0, 8.0.1, 9.0, 9.0.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a hotfix for version 9.0.1.
http://www.adobe.com/support/security/bulletins/apsb12-15.html
Vulnerability Identifier
Source
Related Link
Share with