Summary
This host is running Adobe ColdFusion and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks and bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to Adobe ColdFusion 10 Update 12 or later: https://www.adobe.com/cfusion/tdrc/index.cfm?product=coldfusion
Insight
The flaws are due to:
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- An unspecified error can be exploited to gain unauthorised read access.
No further information is currently available.
Affected
Adobe ColdFusion 10 before Update 12
Detection
Get the installed version of Adobe ColdFusion with the help of the detection NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2013-5326, CVE-2013-5328
- CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)