Summary
This host is running Adobe ColdFusion and is prone to a response splitting vulnerability.
Impact
Successful exploitation will allow attackers to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
Impact Level: Application
Solution
Apply the patch from the link below:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-15.html
Insight
This flaw exists because the application does not validate an unspecified HTTP header before returning it to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
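The flaw class described above, shown as an added example that is not Adobe's code and not part of the original advisory: a response serializer that writes a request-derived header value unchecked, beside a version that refuses CR, LF and NUL. The function names, the `Content-Language` header and the sample value are assumptions chosen for illustration; the advisory does not say which header is affected.

```python
import re

# CR, LF and NUL must never appear inside a header field name or value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value carries line-break characters."""


def build_response_naive(status, headers, body):
    """Serialize headers without validation (the flawed pattern)."""
    lines = [f"HTTP/1.1 {status}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def build_response_checked(status, headers, body):
    """Serialize headers, refusing any field that contains CR, LF or NUL."""
    for name, value in headers:
        if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
            raise HeaderInjectionError(f"illegal character in header {name!r}")
    return build_response_naive(status, headers, body)


def header_names(raw_response):
    """Return the header names a client would parse from a raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed input: a request-derived value carrying an embedded CRLF.
UNTRUSTED = "en\r\nX-Injected: 1"
SAMPLE_HEADERS = [("Content-Type", "text/html"), ("Content-Language", UNTRUSTED)]

if __name__ == "__main__":
    raw = build_response_naive("200 OK", SAMPLE_HEADERS, "<p>hi</p>")
    print(header_names(raw))  # the injected name is parsed as its own header
    try:
        build_response_checked("200 OK", SAMPLE_HEADERS, "<p>hi</p>")
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

Rejecting the value outright, rather than stripping the characters, keeps a malformed request visible in application logs.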
Affected
Adobe ColdFusion versions 8.0 through 9.0.1
Severity
Classification
CVE: CVE-2012-2041
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N