Adobe ColdFusion RDS (CVE-2011-4368) Cross Site Scripting Vulnerability
BID:51043
Info
| Bugtraq ID: | 51043 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4368 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2011 12:00AM |
| Updated: | Dec 13 2011 12:00AM |
| Credit: | Oren Hafif of Hacktics ASC, Ernst & Young |
| Vulnerable: | Adobe ColdFusion 8.0.1, Adobe ColdFusion 9.0.1, Adobe ColdFusion 9.0, Adobe ColdFusion 8.0 |
| Not Vulnerable: | |
Discussion
Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploit / POC
To exploit this issue, an attacker must entice a victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references for details.
Adobe ColdFusion 8.0
- Adobe Hotfix CF8.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CF8.zip
- Adobe Hotfix CFIDE-8.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CFIDE-8.zip

Adobe ColdFusion 9.0
- Adobe Hotfix CF9.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CF9.zip
- Adobe Hotfix CFIDE-9.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CFIDE-9.zip

Adobe ColdFusion 9.0.1
- Adobe Hotfix CF901.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CF901.zip
- Adobe Hotfix CFIDE-901.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CFIDE-901.zip

Adobe ColdFusion 8.0.1
- Adobe Hotfix CF801.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CF801.zip
- Adobe Hotfix CFIDE-801.zip: http://kb2.adobe.com/cps/925/cpsid_92512/attachments/CFIDE-801.zip