Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check)

Medium Nessus Plugin ID 58388


A web-based application running on the remote Windows host is affected by a denial of service vulnerability.


The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values.
By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition.


Apply the relevant hotfixes referenced in Adobe advisory APSB12-06.

See Also

Plugin Details

Severity: Medium

ID: 58388

File Name: coldfusion_win_apsb12-06.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2012/03/19

Modified: 2017/05/16

Dependencies: 55514

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: SMB/coldfusion/instance

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/13

Vulnerability Publication Date: 2011/12/28

Reference Information

CVE: CVE-2012-0770

BID: 52436

OSVDB: 80008

CERT: 903934