This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
A web-based application running on the remote Windows host is affected
by an XML external entity injection vulnerability.
The version of Adobe ColdFusion running on the remote Windows host
is affected by an XML external entity injection (XXE) vulnerability in
flex-messaging-core.jar due to an incorrect configuration of the XML
parser used in the bundled version of BlazeDS. A remote attacker can
exploit this, via a specially crafted AMF request, to read arbitrary
files on the system.
See also :
Apply the relevant hotfix referenced in Adobe security bulletin
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true