Adobe ColdFusion Multiple Input Validation Vulnerabilities

Bugtraq ID:	21532
Class:	Input Validation Error
CVE:	CVE-2006-6482
Remote:	Yes
Local:	No
Published:	Dec 11 2006 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Brett Moore <[email protected]> is credited with the discovery of these issues.
Vulnerable:	Adobe ColdFusion MX 7.02 Adobe ColdFusion MX 7.01 Adobe ColdFusion MX 7.00
Not Vulnerable:

Adobe ColdFusion Multiple Input Validation Vulnerabilities

Adobe ColdFusion is prone to multiple input-validation vulnerabilities, including two information-disclosure issues and one cross-site scripting issue.

An attacker can exploit these issues to gain sensitive information, including cookie-based authentication credentials, which can aid in further attacks.

Adobe ColdFusion MX7 is vulnerable; MX6 may also be affected.

Adobe ColdFusion Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client. Note that to exploit a cross-site scripting attack, the attacker must entice a victim user to follow a malicious URI.