Adobe ColdFusion Multiple Vulnerabilities (APSB11-04) (credentialed check)
Medium Nessus Plugin ID 55553
Synopsis
A web-based application running on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe ColdFusion running on the remote Windows host is affected by multiple vulnerabilities:
- Multiple cross-site scripting vulnerabilities exist in the ColdFusion administrator console. (CVE-2011-0580)
- Multiple CRLF injection vulnerabilities in various tags allow adding headers. (CVE-2011-0581)
- An information disclosure vulnerability exists in the ColdFusion administrator console. (CVE-2011-0582)
- A cross-site scripting vulnerability exists with the cfform tag. (CVE-2011-0583)
- A session fixation vulnerability exists for ColdFusion sessions. (CVE-2011-0584)
Solution
Apply the relevant hotfixes referenced in the Adobe advisory.