Source: nessus. This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Plugin file: COLDFUSION_WIN_APSB17-14.NASL
History: Apr 25, 2017 - 12:00 a.m.

Adobe ColdFusion 10.x < 10u23 / 11.x < 11u12 / 2016.x < 2016u4 Multiple Vulnerabilities (APSB17-14)

2017-04-25 00:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
95

The version of Adobe ColdFusion running on the remote Windows host is 10.x prior to update 23, 11.x prior to update 12, or 2016.x prior to update 4. It is, therefore, affected by multiple vulnerabilities:

  • A reflected cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
    (CVE-2017-3008)

  • A Java deserialization flaw exists in the Apache BlazeDS library that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3066)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the script is run with `description` set, it only
# declares its metadata (IDs, text, scoring, prerequisites) and then exits at
# the exit(0) below, before any of the check logic further down is reached.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(99669);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  # Identifiers for the two issues covered by Adobe bulletin APSB17-14:
  # a reflected XSS (CVE-2017-3008) and a BlazeDS Java deserialization
  # flaw (CVE-2017-3066), as described in the "description" attribute.
  script_cve_id("CVE-2017-3008", "CVE-2017-3066");
  script_bugtraq_id(98002, 98003);

  script_name(english:"Adobe ColdFusion 10.x < 10u23 / 11.x < 11u12 / 2016.x < 2016u4 Multiple Vulnerabilities (APSB17-14)");
  # The summary states the detection method: hotfix files are inspected,
  # the web application itself is not probed.
  script_summary(english:"Checks the hotfix files.");

  script_set_attribute(attribute:"synopsis", value:
"A web-based application running on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe ColdFusion running on the remote Windows host is
10.x prior to update 23, 11.x prior to update 12, 2016.x prior to
update 4. It is, therefore, affected by multiple vulnerabilities :

  - A reflected cross-site scripting (XSS) vulnerability
    exists due to improper validation of user-supplied
    input. An unauthenticated, remote attacker can exploit
    this, via a specially crafted request, to execute
    arbitrary script code in user's browser session.
    (CVE-2017-3008)

  - A Java deserialization flaw exists in the Apache BlazeDS
    library that allows an unauthenticated, remote attacker
    to execute arbitrary code. (CVE-2017-3066)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html");
  # Remediation is the vendor update; the thresholds here (10u23 / 11u12 /
  # 2016u4) are the same levels the check logic compares against.
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe ColdFusion version 10 update 23 / 11 update 12 / 2016
update 4 or later.");
  # Scoring: the cvss_score_source attribute below names CVE-2017-3066, so
  # these vectors presumably score the BlazeDS deserialization issue rather
  # than the XSS. Both base vectors describe a network-reachable attack that
  # needs no authentication (v2 Au:N) or privileges (v3 PR:N).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3066");

  # Exploit code is recorded as publicly available, which is a reason to
  # prioritise patching a host that this plugin flags.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Disclosure, patch and plugin release all carry the same date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/25");

  # "local" plugin type: the result comes from data read on the host, not
  # from a remote probe of the ColdFusion service.
  # NOTE(review): presumably this needs credentialed SMB access to the
  # target; a host scanned without it would not be evaluated - confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:coldfusion");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the local ColdFusion detection plugin is declared as a
  # dependency, together with the "SMB/coldfusion/instance" KB key and the
  # SMB ports 139 and 445.
  script_dependencies("coldfusion_win_local_detect.nasl");
  script_require_keys("SMB/coldfusion/instance");
  script_require_ports(139, 445);

  # Stop here in description mode; nothing below this block runs.
  exit(0);
}

include("audit.inc");
include("coldfusion_win.inc");
include("global_settings.inc");
include("misc_func.inc");

# Baseline version strings, one per ColdFusion branch covered by APSB17-14,
# passed to the instance lookup helper.
versions = make_list('10.0.0', '11.0.0', '2016.0.0');
instances = get_coldfusion_instances(versions); # this exits if it fails

# Cumulative hotfix (CHF) level each branch is checked against.
# CF10 uses an installer for updates, so a partially installed hotfix is
# unlikely (perhaps not possible); that is why only the CHF level is
# checked and nothing in the CFIDE directory is inspected.
required_chf = make_array(
  '10.0.0',   23,
  '11.0.0',   12,
  '2016.0.0', 4
);

# Collect one report entry per instance that check_jar_chf() flags.
instance_info = make_list();

foreach name (keys(instances))
{
  ver = instances[name];

  # Branches outside the table are not assessed by this plugin.
  min_chf = required_chf[ver];
  if (isnull(min_chf))
    continue;

  # A NULL result means there is nothing to report for this instance.
  info = check_jar_chf(name, min_chf);
  if (isnull(info))
    continue;

  instance_info = make_list(instance_info, info);
}

# No flagged instance: finish without raising a finding.
if (max_index(instance_info) == 0)
  exit(0, "No vulnerable instances of Adobe ColdFusion were detected.");

# Report on the SMB transport port recorded in the KB, defaulting to 445.
port = get_kb_item("SMB/transport");
if (!port)
  port = 445;

header = 'Nessus detected the following unpatched instances :';
report = '\n' + header + '\n' + join(instance_info, sep:'\n') + '\n';

# xss:TRUE presumably also marks the finding as XSS-related because
# CVE-2017-3008 is in scope - confirm against security_report_v4().
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE, xss:TRUE);
exit(0);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| adobe | coldfusion | | cpe:/a:adobe:coldfusion |