You are here

V-030: Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

November 21, 2012 - 3:00am

Addthis

PROBLEM:

Adobe ColdFusion Unspecified Bug Lets Remote Users Deny Service

PLATFORM:

ColdFusion 10 Update 1 and above for Windows

ABSTRACT:

Adobe ColdFusion Denial of Service Vulnerability

REFERENCE LINKS:

Adobe Vulnerability identifier: APSB12-25
SecurityTracker Alert ID:  1027787
Secunia Advisory SA51335
CVE-2012-5674

IMPACT ASSESSMENT:

High

DISCUSSION:

A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause unspecified denial of service conditions on the target ColdFusion service on Windows Internet Information Services (IIS).

IMPACT:

A remote user can cause denial of service conditions.

SOLUTION:

Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition.

Addthis