Adobe ColdFusion Multiple Vulnerabilities (APSB16-16) (credentialed check)

critical Nessus Plugin ID 91102

Synopsis

A web-based application running on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Adobe ColdFusion running on the remote Windows host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-1113)

- A remote code execution vulnerability exists in the Apache Commons Collections (ACC) library that is triggered during the deserialization of Java Objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host.
(CVE-2016-1114)

- A flaw exists related to certificate validation due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field when handling wild card certificates. A man-in-the-middle attacker can exploit this by spoofing the TLS/SSL server via a certificate that appears valid, resulting the disclosure or manipulation of transmitted data. (CVE-2016-1115)

Solution

Apply the relevant hotfix as referenced in Adobe Security Bulletin APSB16-16.

See Also

https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html

http://www.nessus.org/u?9c6d83db

Plugin Details

Severity: Critical

ID: 91102

File Name: coldfusion_win_apsb16-16.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 5/12/2016

Updated: 11/20/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-1114

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: SMB/coldfusion/instance

Exploit Ease: No known exploits are available

Patch Publication Date: 5/10/2016

Vulnerability Publication Date: 1/28/2015

Reference Information

CVE: CVE-2016-1113, CVE-2016-1114, CVE-2016-1115

BID: 90506, 90507, 90514

CERT: 576313