Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.COLDFUSION_WIN_APSB12-06.NASL
HistoryMar 19, 2012 - 12:00 a.m.

Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check)

2012-03-1900:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
13

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.3%

JSON

The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values.
By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58388);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2012-0770");
  script_bugtraq_id(52436);
  script_xref(name:"CERT", value:"903934");

  script_name(english:"Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check)");
  script_summary(english:"Checks for hotfix file");

  script_set_attribute(
    attribute:"synopsis",
    value:
"A web-based application running on the remote Windows host is affected
by a denial of service vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Windows host is running a version of ColdFusion that is
affected by a hash collision denial of service. A flaw exists in
the way ColdFusion generates hash tables for user-supplied values.
By sending a small number of specially crafted requests to a web
server that uses ColdFusion, an attacker can take advantage of this
flaw to cause a denial of service condition."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.nruns.com/_downloads/advisory28122011.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb12-06.html");
  script_set_attribute(attribute:"see_also", value:"https://www.adobe.com/support/security/bulletins/apsb12-06.html");
  script_set_attribute(
    attribute:"solution",
    value:"Apply the relevant hotfixes referenced in Adobe advisory APSB12-06."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:coldfusion");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("coldfusion_win_local_detect.nasl");
  script_require_keys("SMB/coldfusion/instance");
  script_require_ports(139, 445);

  exit(0);
}

include("coldfusion_win.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

versions = make_list('8.0.0', '8.0.1', '9.0.0', '9.0.1');
instances = get_coldfusion_instances(versions); # this exits if it fails
port   = kb_smb_transport();

# Check the hotfixes and cumulative hotfixes installed for each
# instance of ColdFusion.
info = NULL;
instance_info = make_list();

foreach name (keys(instances))
{
  info = NULL;
  ver = instances[name];

  if (ver == "8.0.0")
    info = check_jar_hotfix(name, "00005", 4, make_list("00001", "00002", "00003", "00004", "1875", "1878", "70523", "71471", "73122", "77218"));
  else if (ver == "8.0.1")
    info = check_jar_hotfix(name, "00005", 5, make_list("00001", "00002", "00003", "00004", "1875", "1878", "71471", "73122", "77218"));
  else if (ver == "9.0.0")
    info = check_jar_hotfix(name, "00005", 2, make_list("00001", "00002", "00003", "00004"));
  else if (ver == "9.0.1")
    info = check_jar_hotfix(name, "00004", 3, make_list("00001","00002","00003"));

  if (!isnull(info))
    instance_info = make_list(instance_info, info);
}

if (max_index(instance_info) == 0)
  exit(0, "No vulnerable instances of Adobe ColdFusion were detected.");

if (report_verbosity > 0)
{
  report =
    '\nNessus detected the following unpatched instances :' +
    '\n' + join(instance_info, sep:'\n') +
    '\n';
  security_warning(port:port, extra:report);
}
else security_warning(port);
VendorProductVersionCPE
adobecoldfusioncpe:/a:adobe:coldfusion

Related

nvd 1
cve 1
cvelist 1
prion 1
nvd
nvd
CVE-2012-0770
2012-03-13 22:55:01
cve
cve
CVE-2012-0770
2012-03-13 22:55:01
cvelist
cvelist
CVE-2012-0770
2012-03-13 22:00:00
prion
prion
Code injection
2012-03-13 22:55:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.3%

JSON
Related for COLDFUSION_WIN_APSB12-06.NASL
nvd1cve1cvelist1prion1