Adobe ColdFusion (CVE-2009-3467) Unspecified Cross Site Scripting Vulnerability
BID:40069
Info
| Bugtraq ID: | 40069 |
| Class: | Input Validation Error |
| CVE: | CVE-2009-3467 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | May 11 2010 12:00AM |
| Credit: | Eric Stevens of Sanofi Pasteur, Inc. |
| Vulnerable: | Adobe ColdFusion 8.0.1, Adobe ColdFusion 7.0.2, Adobe ColdFusion 9.0, Adobe ColdFusion 8.0 |
| Not Vulnerable: | |
Discussion
Adobe ColdFusion is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
ColdFusion 9.0 and earlier are vulnerable.
Exploit / POC
To exploit this issue, an attacker must entice a victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for details.
Adobe ColdFusion 8.0
- Adobe CFIDE-8.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/CFIDE-8.zip
- Adobe shf8000001.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/shf8000001.zip

Adobe ColdFusion 9.0
- Adobe CFIDE-9.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/CFIDE-9.zip
- Adobe shf9000001.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/shf9000001.zip

Adobe ColdFusion 8.0.1
- Adobe CFIDE-801.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/CFIDE-801.zip
- Adobe shf8010001.zip
  http://kb2.adobe.com/cps/841/cpsid_84102/attachments/shf8010001.zip
References