Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check)

Medium Nessus Plugin ID 58388

Synopsis

A web-based application running on the remote Windows host is affected by a denial of service vulnerability.

Description

The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values.
By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition.

Solution

Apply the relevant hotfixes referenced in Adobe advisory APSB12-06.

See Also

http://www.nruns.com/_downloads/advisory28122011.pdf

https://www.adobe.com/support/security/bulletins/apsb12-06.html

https://www.adobe.com/support/security/bulletins/apsb12-06.html

Plugin Details

Severity: Medium

ID: 58388

File Name: coldfusion_win_apsb12-06.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 2012/03/19

Updated: 2018/11/15

Dependencies: 55514

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: SMB/coldfusion/instance

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/03/13

Vulnerability Publication Date: 2011/12/28

Reference Information

CVE: CVE-2012-0770

BID: 52436

CERT: 903934