Detections
Analytics
Adobe ColdFusion 11.x < 11u15 / 2016.x < 2016u7 / 2018.x < 2018u1 Multiple Vulnerabilities (APSB18-33)
critical Nessus Plugin ID 117480
Language:
Synopsis
A web-based application running on the remote host is affected by multiple vulnerabilities.Description
The version of Adobe ColdFusion running on the remote Windows host is 11.x prior to update 15, 2016.x prior to update 7 or 2018.x prior to update 1. It is, therefore, affected by multiple vulnerabilities.Solution
Upgrade to Adobe ColdFusion version 11 update 15 / 2016 update 7 / 2018 update 1 or later.See Also
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
Plugin Details
Severity: Critical
ID: 117480
File Name: coldfusion_win_apsb18-33.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows
Published: 9/13/2018
Updated: 11/30/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-15965
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:coldfusion
Required KB Items: SMB/coldfusion/instance
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/11/2018
Vulnerability Publication Date: 9/11/2018
CISA Known Exploited Vulnerability Due Dates: 5/3/2022
Exploitable With
CANVAS (CANVAS)
Metasploit (Adobe ColdFusion CKEditor unrestricted file upload)
Elliot (Adobe ColdFusion File Upload)
Reference Information
CVE: CVE-2018-15957, CVE-2018-15958, CVE-2018-15959, CVE-2018-15960, CVE-2018-15961, CVE-2018-15962, CVE-2018-15963, CVE-2018-15964, CVE-2018-15965