Adobe ColdFusion Multiple Vulnerabilities (APSB14-23) (credentialed check)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Adobe ColdFusion running on the remote Windows host
is affected by the following vulnerabilities :

- An unspecified cross-site request forgery vulnerability
exists because ColdFusion does not properly sanitize
user-supplied input. (CVE-2014-0570)

- An unspecified cross-site scripting vulnerability exists
because ColdFusion does not properly sanitize
user-supplied input. (CVE-2014-0571)

- ColdFusion is affected by a security permissions issue
which can allow a local, unauthenticated user to bypass
IP address access control restrictions.
(CVE-2014-0572)

See also :

https://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://www.nessus.org/u?ad49a4b6

Solution :

Apply the relevant hotfixes referenced in Adobe advisory APSB14-23.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 78480

Bugtraq ID: 70433, 70435, 70438

CVE ID: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
