Detections
Analytics
Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check)
medium Nessus Plugin ID 58388
Language:
Synopsis
A web-based application running on the remote Windows host is affected by a denial of service vulnerability.Description
The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values.By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition.
Solution
Apply the relevant hotfixes referenced in Adobe advisory APSB12-06.See Also
http://www.nruns.com/_downloads/advisory28122011.pdf
https://www.adobe.com/support/security/bulletins/apsb12-06.html
Plugin Details
Severity: Medium
ID: 58388
File Name: coldfusion_win_apsb12-06.nasl
Version: 1.13
Type: local
Agent: windows
Family: Windows
Published: 3/19/2012
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.7
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:adobe:coldfusion
Required KB Items: SMB/coldfusion/instance
Exploit Ease: No known exploits are available
Patch Publication Date: 3/13/2012
Vulnerability Publication Date: 12/28/2011
Reference Information
CVE: CVE-2012-0770
BID: 52436
CERT: 903934