Detections
Analytics
Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
critical Web App Scanning Plugin ID 113115
Language:
Synopsis
Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File UploadDescription
The version of Adobe ColdFusion running on the remote host is affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user.Solution
Upgrade to Adobe ColdFusion version 11 update 15 / 2016 update 7 / 2018 update 1 or later.See Also
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
Plugin Details
Severity: Critical
ID: 113115
Type: remote
Family: Component Vulnerability
Published: 1/14/2022
Updated: 10/5/2023
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-15961
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2018-15961
Vulnerability Information
CPE: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/11/2018
Vulnerability Publication Date: 9/11/2018
CISA Known Exploited Vulnerability Due Dates: 5/3/2022
Reference Information
CVE: CVE-2018-15961
BID: 105314
CWE: 434
OWASP: 2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9, 2021-A4, 2021-A6
WASC: Improper Input Handling
CAPEC: 1
DISA STIG: APSC-DV-002560, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.12.6.1, 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SC-6
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-12.5.2, 4.0.2-14.2.1