Code injection

2012-03-1322:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CPENameOperatorVersion
coldfusioneq8.0
coldfusioneq9.0
coldfusioneq8.0.1
coldfusioneq9.0.1

Name	Operator	Version
coldfusion	eq	8.0
coldfusion	eq	9.0
coldfusion	eq	8.0.1
coldfusion	eq	9.0.1

References

helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html

osvdb.org/80008

secunia.com/advisories/48393

www.adobe.com/support/security/bulletins/apsb12-06.html

www.securitytracker.com/id?1026830

exchange.xforce.ibmcloud.com/vulnerabilities/73955