Adobe ColdFusion HTTP Response Splitting (APSB12-15) (credentialed check)

Medium Nessus Plugin ID 74190


An application hosted on the remote web server is affected by an HTTP response splitting vulnerability.


The version of Adobe ColdFusion running on the remote host is affected by an HTTP response splitting vulnerability.

The coldfusion.filter.ComponentFilter class does not properly sanitize input used in the Location header of an HTTP response. A remote attacker could exploit this by tricking a user into making a malicious request, resulting in the injection of HTTP headers, modification of the HTTP response body, or splitting the HTTP response into multiple responses.


Apply the hotfixes referenced in Adobe advisory APSB12-15.

Plugin Details

Severity: Medium

ID: 74190

File Name: coldfusion_win_apsb12-15.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2014/05/27

Modified: 2015/02/02

Dependencies: 55514

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: SMB/coldfusion/instance

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/06/12

Vulnerability Publication Date: 2012/06/12

Reference Information

CVE: CVE-2012-2041

BID: 53941

OSVDB: 82847

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990