{"id": "CVE-2012-5674", "bulletinFamily": "NVD", "title": "CVE-2012-5674", "description": "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.", "published": "2012-11-20T05:52:00", "modified": "2020-09-04T13:56:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5674", "reporter": "cve@mitre.org", "references": ["http://osvdb.org/87555", "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139", "http://www.adobe.com/support/security/bulletins/apsb12-25.html"], "cvelist": ["CVE-2012-5674"], "type": "cve", "lastseen": "2021-02-02T05:59:57", "edition": 5, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["COLDFUSION_WIN_APSB12-25.NASL"]}], "modified": "2021-02-02T05:59:57", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-02-02T05:59:57", "rev": 2}, "vulnersScore": 6.0}, "cpe": ["cpe:/a:adobe:coldfusion:10.0"], "affectedSoftware": [{"cpeName": "adobe:coldfusion", "name": "adobe coldfusion", "operator": "eq", "version": "10.0"}, {"cpeName": "adobe:coldfusion", "name": "adobe coldfusion", "operator": "eq", "version": "10.0"}, {"cpeName": "adobe:coldfusion", "name": "adobe coldfusion", "operator": "eq", "version": "10.0"}, {"cpeName": "adobe:coldfusion", "name": "adobe coldfusion", "operator": "eq", "version": "10.0"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*", "cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*", "cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.adobe.com/support/security/bulletins/apsb12-25.html", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html"}, {"name": "adobe-coldfusion-unspec-dos(80139)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139"}, {"name": "87555", "refsource": "OSVDB", "tags": [], "url": "http://osvdb.org/87555"}]}

{"nessus": [{"lastseen": "2021-03-01T01:41:26", "description": "The remote Windows host is running a version of ColdFusion that is\naffected by an unspecified denial of service. When used with Microsoft\nIIS, ColdFusion 10 is vulnerable to unspecified denial of service\nattacks. This vulnerability was introduced in ColdFusion 10 Update 1.", "edition": 26, "published": "2013-01-25T00:00:00", "title": "Adobe ColdFusion 10 on IIS Unspecified DoS (APSB12-25) (credentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5674"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:adobe:coldfusion"], "id": "COLDFUSION_WIN_APSB12-25.NASL", "href": "https://www.tenable.com/plugins/nessus/64246", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64246);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2012-5674\");\n script_bugtraq_id(56590);\n\n script_name(english:\"Adobe ColdFusion 10 on IIS Unspecified DoS (APSB12-25) (credentialed check)\");\n script_summary(english:\"Checks for hotfix files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web-based application running on the remote Windows host is affected\nby a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of ColdFusion that is\naffected by an unspecified denial of service. When used with Microsoft\nIIS, ColdFusion 10 is vulnerable to unspecified denial of service\nattacks. This vulnerability was introduced in ColdFusion 10 Update 1.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb12-25.html\");\n # http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e12f147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ColdFusion 10 Update 5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5674\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:coldfusion\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"coldfusion_win_local_detect.nasl\");\n script_require_keys(\"SMB/coldfusion/instance\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"coldfusion_win.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var errors;\nerrors = make_list();\n\n##\n# Checks if the given ColdFusion 10 instance is configured\n# to use IIS. This technique only works for ColdFusion 10,\n# figuring out how to do this for other versions would need\n# to be researched further.\n#\n# @anonparam instance instance name of the ColdFusion 10 instance to check\n# @return TRUE if 'instance' is configured to use IIS,\n# FALSE otherwise\n##\nfunction _iis_connector_used()\n{\n local_var instance, share, cfroot, dirs, i, wsconfig_path, wsconfig, lines, line;\n instance = _FCT_ANON_ARGS[0];\n\n cfroot = get_kb_item('SMB/coldfusion/' + instance + '/cfroot');\n if (isnull(cfroot)) return FALSE; # defensive coding - this data should always exist\n if (cfroot[strlen(cfroot) - 1] != \"\\\") cfroot += \"\\\";\n share = cfroot[0] + '$';\n\n if (!is_accessible_share(share:share))\n {\n errors = make_list(errors, 'Unable to connect to \"' + share + '\".');\n return FALSE;\n }\n\n # the \"config\" directory is a level up from cfroot\n wsconfig_path = '';\n dirs = split(cfroot, sep:\"\\\", keep:TRUE);\n for (i = 0; i < max_index(dirs) - 1; i++)\n wsconfig_path += dirs[i];\n wsconfig_path += \"\\config\\wsconfig\\wsconfig.properties\";\n wsconfig = hotfix_get_file_contents(wsconfig_path);\n hotfix_check_fversion_end();\n\n if (wsconfig['error'] == HCF_NOENT)\n {\n # if the file doesn't exist that means it's not using any connectors\n # e.g., only the built-in development server is being used. for the\n # purposes of this plugin, this isn't considered an error/unexpected\n return FALSE;\n }\n else if (wsconfig['error'] != HCF_OK)\n {\n errors = make_list(errors, 'Error reading ' + wsconfig_path + '.');\n return FALSE;\n }\n\n lines = split(wsconfig['data'], sep:'\\n', keep:FALSE);\n foreach line (lines)\n {\n if (line =~ '^ *[0-9]+=IIS')\n return TRUE;\n }\n\n return FALSE;\n}\n\nversions = make_list('10.0.0');\ninstances = get_coldfusion_instances(versions); # this exits if it fails\ninstance_info = make_list();\n\nforeach name (keys(instances))\n{\n # the bug was introduced in update 1 and fixed in update 5. if there\n # are no updates installed, the instance isn't vulnerable\n chfs = get_kb_list('SMB/coldfusion/' + name + '/chf');\n if (isnull(chfs)) continue;\n\n info = check_jar_chf(name, 5);\n if (!isnull(info))\n {\n # if the CF10 instance is running with a vulnerable hotfix, make\n # sure it is configured to use IIS\n if (_iis_connector_used(name))\n instance_info = make_list(instance_info, info);\n }\n}\n\nif (max_index(instance_info) == 0)\n{\n if (max_index(errors) == 0)\n exit(0, \"No vulnerable instances of Adobe ColdFusion were detected.\");\n else\n exit(1, join(errors, sep:' '));\n}\n\nport = kb_smb_transport();\n\nif (report_verbosity > 0)\n{\n report =\n '\\nNessus detected the following unpatched instances :' +\n '\\n' + join(instance_info, sep:'\\n') +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}]}