Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2012-2041 |
CWE-ID | CWE-94 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | ColdFusion (Server applications / Application servers) |
Vendor | Adobe |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU44001
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2041
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ColdFusion: 8.0 - 9.0
External links
http://www.adobe.com/support/security/bulletins/apsb12-15.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.