This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.
The version of Adobe ColdFusion running on the remote Windows host is
affected by multiple vulnerabilities :
- Multiple cross-site scripting vulnerabilities exist in
the ColdFusion administrator console. (CVE-2011-0580)
- Multiple CRLF injection vulnerabilities in various tags
allow adding headers. (CVE-2011-0581)
- An information disclosure vulnerability exists in the
ColdFusion administrator console. (CVE-2011-0582)
- A cross-site scripting vulnerability exists with the
cfform tag. (CVE-2011-0583)
- A session fixation vulnerability exists for ColdFusion
See also :
Apply the relevant hotfixes referenced in the Adobe advisory.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true