Adobe ColdFusion HTTP Response Splitting Vulnerability Network Vulnerability

Summary

This host is running Adobe ColdFusion and is prone to response splitting vulnerability.

Impact

Successful exploitation will allow attackers to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. Impact Level: Application

Solution

Apply patch from below link, http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-15.html

Insight

This flaw exists because the application does not validate an unspecified HTTP header before returning it to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.

Affected

Adobe ColdFusion versions 8.0 through 9.0.1

References

http://osvdb.org/82847
http://secunia.com/advisories/49517
http://www.adobe.com/support/security/bulletins/apsb12-15.html
http://www.securityfocus.com/bid/53941

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2041
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS

Take action and discover your vulnerabilities