Adobe ColdFusion Multiple Vulnerabilities (APSB13-27) (credentialed check)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

A web-based application installed on the remote Windows host is
affected by multiple vulnerabilities.

Description :

The remote Windows host is running a version of ColdFusion that is
affected by the following vulnerabilities :

- A reflected cross-site scripting vulnerability exists
because ColdFusion does not sanitize user-supplied
input. This can be exploited by a remote, authenticated
user when the CFIDE directory is exposed.
(CVE-2013-5326)

- ColdFusion 10 is affected by an unspecified
vulnerability that allows unauthorized remote read
access. (CVE-2013-5328)

See also :

http://www.adobe.com/support/security/bulletins/apsb13-27.html
http://www.nessus.org/u?4fc8372c

Solution :

Apply the relevant hotfixes referenced in Adobe advisory APSB13-27.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 70915

Bugtraq ID: 63681, 63682

CVE ID: CVE-2013-5326, CVE-2013-5328