Adobe ColdFusion Multiple Vulnerabilities (APSB13-27) (credentialed check)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

A web-based application installed on the remote Windows host is
affected by multiple vulnerabilities.

Description :

The remote Windows host is running a version of ColdFusion that is
affected by the following vulnerabilities :

- A reflected cross-site scripting vulnerability exists
  because ColdFusion does not sanitize user-supplied
  input. This can be exploited by a remote, authenticated
  user when the CFIDE directory is exposed.

- ColdFusion 10 is affected by an unspecified
  vulnerability that allows unauthorized remote read
  access. (CVE-2013-5328)

Solution :

Apply the relevant hotfixes referenced in Adobe advisory APSB13-27.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 70915

Bugtraq ID: 63681

CVE ID: CVE-2013-5326