Adobe ColdFusion 10 on IIS Unspecified DoS (APSB12-25) (credentialed check)

Medium Nessus Plugin ID 64246


A web-based application running on the remote Windows host is affected by a denial of service vulnerability.


The remote Windows host is running a version of ColdFusion that is affected by an unspecified denial of service. When used with Microsoft IIS, ColdFusion 10 is vulnerable to unspecified denial of service attacks. This vulnerability was introduced in ColdFusion 10 Update 1.


Upgrade to ColdFusion 10 Update 5 or later.

See Also

Plugin Details

Severity: Medium

ID: 64246

File Name: coldfusion_win_apsb12-25.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/01/25

Modified: 2016/05/23

Dependencies: 55514

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: SMB/coldfusion/instance

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/11/19

Vulnerability Publication Date: 2012/11/19

Reference Information

CVE: CVE-2012-5674

BID: 56590

OSVDB: 87555