Adobe ColdFusion HTTP Response Splitting (APSB12-15) (credentialed check)

The version of Adobe ColdFusion running on the remote host is affected by an HTTP response splitting vulnerability. The coldfusion.filter.ComponentFilter class does not properly sanitize input used in the Location header of an HTTP response. A remote attacker could exploit this by tricking a user...

Adobe ColdFusion HTTP响应分离漏洞

CVE ID: CVE-2012-2041 Adobe ColdFusion是一个动态Web服务器。 Adobe ColdFusion 8.0至9.0.1版本没有正确过滤某些输入即返回给用户，在实现上存在CRLF注入漏洞，可被利用插入任意HTTP标头，并执行HTTP响应分离攻击。 0 Adobe ColdFusion 9.x Adobe ColdFusion 8.x 厂商补丁： Adobe ----- Adobe已经为此发布了一个安全公告（apsb12-15）以及相应补丁: apsb12-15：Security update: Hotfix available for ColdFusio...

CVE-2012-2041

CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVE-2012-2041

CVE-2012-2041 describes a CRLF injection in the Component Browser of Adobe ColdFusion 8.0–9.0.1 , enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Public references point to Adobe’s APSB12-15 security bulletin, which provided ...