CVE-2016-1115

Published on: 05/10/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Coldfusion from Adobe contain the following vulnerability:

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2016-1115 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
Adobe Security Bulletin Vendor Advisory
helpx.adobe.com
text/html
URL Logo CONFIRM helpx.adobe.com/security/products/coldfusion/apsb16-16.html
Adobe ColdFusion Bugs Let Remote Users Bypass Security Restrictions and Conduct Cross-Site Scripting Attacks - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1035829
Adobe ColdFusion CVE-2016-1115 Security Bypass Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 90514

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationAdobeColdfusion10.0-AllAll
ApplicationAdobeColdfusion10.0update1AllAll
ApplicationAdobeColdfusion10.0update10AllAll
ApplicationAdobeColdfusion10.0update11AllAll
ApplicationAdobeColdfusion10.0update12AllAll
ApplicationAdobeColdfusion10.0update13AllAll
ApplicationAdobeColdfusion10.0update14AllAll
ApplicationAdobeColdfusion10.0update15AllAll
ApplicationAdobeColdfusion10.0update16AllAll
ApplicationAdobeColdfusion10.0update17AllAll
ApplicationAdobeColdfusion10.0update18AllAll
ApplicationAdobeColdfusion10.0update2AllAll
ApplicationAdobeColdfusion10.0update3AllAll
ApplicationAdobeColdfusion10.0update4AllAll
ApplicationAdobeColdfusion10.0update5AllAll
ApplicationAdobeColdfusion10.0update6AllAll
ApplicationAdobeColdfusion10.0update7AllAll
ApplicationAdobeColdfusion10.0update8AllAll
ApplicationAdobeColdfusion10.0update9AllAll
ApplicationAdobeColdfusion11.0-AllAll
ApplicationAdobeColdfusion11.0update1AllAll
ApplicationAdobeColdfusion11.0update2AllAll
ApplicationAdobeColdfusion11.0update3AllAll
ApplicationAdobeColdfusion11.0update4AllAll
ApplicationAdobeColdfusion11.0update5AllAll
ApplicationAdobeColdfusion11.0update6AllAll
ApplicationAdobeColdfusion11.0update7AllAll
ApplicationAdobeColdfusion2016-AllAll
ApplicationAdobeColdfusion10.0-AllAll
ApplicationAdobeColdfusion10.0update1AllAll
ApplicationAdobeColdfusion10.0update10AllAll
ApplicationAdobeColdfusion10.0update11AllAll
ApplicationAdobeColdfusion10.0update12AllAll
ApplicationAdobeColdfusion10.0update13AllAll
ApplicationAdobeColdfusion10.0update14AllAll
ApplicationAdobeColdfusion10.0update15AllAll
ApplicationAdobeColdfusion10.0update16AllAll
ApplicationAdobeColdfusion10.0update17AllAll
ApplicationAdobeColdfusion10.0update18AllAll
ApplicationAdobeColdfusion10.0update2AllAll
ApplicationAdobeColdfusion10.0update3AllAll
ApplicationAdobeColdfusion10.0update4AllAll
ApplicationAdobeColdfusion10.0update5AllAll
ApplicationAdobeColdfusion10.0update6AllAll
ApplicationAdobeColdfusion10.0update7AllAll
ApplicationAdobeColdfusion10.0update8AllAll
ApplicationAdobeColdfusion10.0update9AllAll
ApplicationAdobeColdfusion11.0-AllAll
ApplicationAdobeColdfusion11.0update1AllAll
ApplicationAdobeColdfusion11.0update2AllAll
ApplicationAdobeColdfusion11.0update3AllAll
ApplicationAdobeColdfusion11.0update4AllAll
ApplicationAdobeColdfusion11.0update5AllAll
ApplicationAdobeColdfusion11.0update6AllAll
ApplicationAdobeColdfusion11.0update7AllAll
ApplicationAdobeColdfusion2016-AllAll
  • cpe:2.3:a:adobe:coldfusion:10.0:-:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update10:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update11:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update12:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update13:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update14:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update15:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update16:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update17:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update18:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update2:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update5:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update6:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update7:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update8:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update9:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:-:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update1:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update10:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update11:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update12:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update13:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update14:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update15:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update16:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update17:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update18:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update2:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update3:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update4:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update5:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update6:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update7:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update8:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:10.0:update9:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*:
  • cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*: