This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.
The version of Adobe ColdFusion running on the remote Windows host
is affected by the following vulnerabilities :
- An unspecified cross-site request forgery vulnerability
exists because ColdFusion does not properly sanitize
user-supplied input. (CVE-2014-0570)
- An unspecified cross-site scripting vulnerability exists
because ColdFusion does not properly sanitize
user-supplied input. (CVE-2014-0571)
- ColdFusion is affected by a security permissions issue
which can allow a local, unauthenticated user to bypass
IP address access control restrictions.
See also :
Apply the relevant hotfixes referenced in Adobe advisory APSB14-23.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false