Web application abuses : Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability (APSB13-19)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804443

Categoría: Web application abuses

Título: Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability (APSB13-19)

Resumen: Adobe ColdFusion is prone to a denial of service; vulnerability.

Descripción: Summary:
Adobe ColdFusion is prone to a denial of service
vulnerability.

Vulnerability Insight:
The flaw is due to an error in ColdFusion Components (CFC) public methods
which can be accessed via WebSockets.

Vulnerability Impact:
Successful exploitation will allow attackers to cause denial of service
conditions.

Affected Software/OS:
Adobe ColdFusion 10 before Update 11.

Solution:
Upgrade to Adobe ColdFusion 10 Update 11 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 61042
Common Vulnerability Exposure (CVE) ID: CVE-2013-3350
http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h
http://www.securitytracker.com/id/1028757

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804443
Categoría:	Web application abuses
Título:	Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability (APSB13-19)
Resumen:	Adobe ColdFusion is prone to a denial of service; vulnerability.
Descripción:	Summary: Adobe ColdFusion is prone to a denial of service vulnerability. Vulnerability Insight: The flaw is due to an error in ColdFusion Components (CFC) public methods which can be accessed via WebSockets. Vulnerability Impact: Successful exploitation will allow attackers to cause denial of service conditions. Affected Software/OS: Adobe ColdFusion 10 before Update 11. Solution: Upgrade to Adobe ColdFusion 10 Update 11 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 61042 Common Vulnerability Exposure (CVE) ID: CVE-2013-3350 http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h http://www.securitytracker.com/id/1028757
Copyright	Copyright (C) 2014 Greenbone Networks GmbH