Adobe ColdFusion Multiple Vulnerabilities (APSB13-27) (credentialed check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The remote Windows host is running a version of ColdFusion that is
affected by the following vulnerabilities :

- A reflected cross-site scripting vulnerability exists
because ColdFusion does not sanitize user-supplied
input. This can be exploited by a remote, authenticated
user when the CFIDE directory is exposed.

- ColdFusion 10 is affected by an unspecified
vulnerability that allows unauthorized remote read
access. (CVE-2013-5328)

See also :

Solution :

Apply the relevant hotfixes referenced in Adobe advisory APSB13-27.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 70915 ()

Bugtraq ID: 63681

CVE ID: CVE-2013-5326

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial