This script is Copyright (C) 2017 Tenable Network Security, Inc.
A web-based application running on the remote host is affected by
The version of Adobe ColdFusion running on the remote Windows host is
10.x prior to update 23, 11.x prior to update 12, or 2016.x prior to
update 4. It is, therefore, affected by multiple vulnerabilities :
- A reflected cross-site scripting (XSS) vulnerability
  exists due to improper validation of user-supplied
  input. An unauthenticated, remote attacker can exploit
  this, via a specially crafted request, to execute
  arbitrary script code in a user's browser session.
- A Java deserialization flaw exists in the Apache BlazeDS
  library that allows an unauthenticated, remote attacker
  to execute arbitrary code. (CVE-2017-3066)
See also :
Upgrade to Adobe ColdFusion version 10 update 23 / 11 update 12 / 2016
update 4 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false