Adobe ColdFusion 10 WebSockets CFC Public Method Invocation (APSB13-19) (credentialed check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The remote Windows host is running a version of ColdFusion that allows
an unauthenticated, remote attacker to execute unauthorized methods.
ColdFusion component methods that use the 'public' modifier can be
invoked remotely using WebSockets. Only methods that use the 'remote'
modifier should be capable of being invoked in this manner. An
unauthenticated, remote attacker can exploit this to execute arbitrary

See also :

Solution :

Upgrade to ColdFusion 10 Update 11 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 68881

Bugtraq ID: 61042

CVE ID: CVE-2013-3350
