Adobe ColdFusion Multiple Vulnerabilities (APSB15-29) (credentialed check)
Medium
Nessus Plugin ID 86948
Synopsis
A web-based application running on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe ColdFusion running on the remote Windows host is affected by multiple vulnerabilities:
- Multiple cross-site scripting (XSS) vulnerabilities exist due to a failure to validate input before returning it to the user. A remote attacker can exploit these to inject arbitrary script or HTML into the user's browser session. (CVE-2015-8052, CVE-2015-8053)
- A flaw exists in BlazeDS related to request handling between a user and a server. A remote attacker can exploit this, via a crafted XML document, to send HTTP traffic to intranet servers, thus allowing the attacker to carry out server-side request forgery (SSRF) attacks.
Solution
Apply the relevant hotfixes referenced in Adobe advisory APSB15-29.