Adobe ColdFusion 10 on IIS Unspecified DoS (APSB12-25) (credentialed check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

A web-based application running on the remote Windows host is affected
by a denial of service vulnerability.

Description :

The remote Windows host is running a version of ColdFusion that is
affected by an unspecified denial of service. When used with Microsoft
IIS, ColdFusion 10 is vulnerable to unspecified denial of service
attacks. This vulnerability was introduced in ColdFusion 10 Update 1.

See also :

http://www.adobe.com/support/security/bulletins/apsb12-25.html
http://www.nessus.org/u?7e12f147

Solution :

Upgrade to ColdFusion 10 Update 5 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 64246 ()

Bugtraq ID: 56590

CVE ID: CVE-2012-5674

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now