Skip to main content

Adobe ColdFusion Component Browser Vulnerability

Last Update Date: 13 Jun 2012 15:09 Release Date: 13 Jun 2012 5014 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in Adobe ColdFusion. A remote user can conduct HTTP response splitting attacks.

 

A remote user can submit a specially crafted URL to cause the target server to return a split response. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks.


Impact

  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Adobe ColdFusion versions 8.0, 8.0.1, 9.0, 9.0.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 


Vulnerability Identifier

 


Source


Related Link