Adobe ColdFusion Multiple Vulnerabilities

Last Update Date: 16 Jun 2011 15:48
Release Date: 16 Jun 2011

RISK: High Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities have been identified in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  1. The administrative interface allows users to perform certain actions via HTTP requests without any validity checks to verify the requests. This can be exploited, for example, to add a user with administrative privileges by tricking a logged-in administrator into visiting a malicious web site.
  2. An unspecified error can be exploited to cause a DoS.
  3. Some vulnerabilities are caused by vulnerabilities in the bundled version of Adobe BlazeDS.
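
The request validity check that item 1 describes as missing, shown as an added example beside the unchecked behaviour (this is not Adobe's code and is not taken from the advisory). `ADMIN_ORIGIN`, the request dictionary layout, the `csrf_token` field and all function names are hypothetical, and the sample requests are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ADMIN_ORIGIN = "https://admin.example.test"  # constructed, hypothetical admin site
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(key: bytes, session_id: str) -> str:
    """Per-session token the server embeds in each admin form."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or Referer as fallback) is the admin site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when neither header is present
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def unchecked_handler(request: dict) -> bool:
    """Behaviour described in item 1: the session cookie alone authorises."""
    return request["session_authenticated"]


def checked_handler(request: dict, key: bytes) -> bool:
    """Same action with request validity checks added."""
    if not request["session_authenticated"]:
        return False
    if request["method"] not in STATE_CHANGING:
        return False  # never change state on GET
    if not same_origin(request["headers"]):
        return False
    expected = issue_token(key, request["session_id"])
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())


def sample_requests(key: bytes):
    """Constructed requests: one from the admin UI, one cross-site."""
    base = {"session_authenticated": True, "session_id": "s-1001", "method": "POST"}
    own = dict(base, headers={"Origin": ADMIN_ORIGIN},
               form={"user": "ops2", "csrf_token": issue_token(key, "s-1001")})
    cross = dict(base, headers={"Origin": "https://other.example.test"},
                 form={"user": "ops2"})
    return own, cross
```

Both sample requests carry a valid session, so `unchecked_handler` accepts both; `checked_handler` accepts only the one that originates from the admin site and carries the session-bound token.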

Impact

  • Denial of Service
  • Remote Code Execution
  • Spoofing

System / Technologies affected

  • Adobe ColdFusion versions 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh, and UNIX.

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

 


Vulnerability Identifier


Source

 


Related Link