Adobe ColdFusion HTTP Response Splitting (APSB12-15) (credentialed check)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

An application hosted on the remote web server is affected by an HTTP
response splitting vulnerability.

Description :

The version of Adobe ColdFusion running on the remote host is affected
by an HTTP response splitting vulnerability.

The coldfusion.filter.ComponentFilter class does not properly sanitize
input used in the Location header of an HTTP response. A remote
attacker could exploit this by tricking a user into making a malicious
request, resulting in the injection of HTTP headers, modification of
the HTTP response body, or splitting the HTTP response into multiple
responses.

See also :

http://www.adobe.com/support/security/bulletins/apsb12-15.html
http://www.nessus.org/u?8955b553

Solution :

Apply the hotfixes referenced in Adobe advisory APSB12-15.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 74190 ()

Bugtraq ID: 53941

CVE ID: CVE-2012-2041

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now