SB2012091201 - Multiple vulnerabilities in Adobe ColdFusion
Published: September 12, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-3349)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.
2) Input validation error (CVE-ID: CVE-2012-2048)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.
Remediation
Install update from vendor's website.
References
- http://www.adobe.com/support/security/bulletins/apsb13-19.html
- http://www.securitytracker.com/id/1028757
- http://osvdb.org/85317
- http://secunia.com/advisories/50523
- http://www.adobe.com/support/security/bulletins/apsb12-21.html
- http://www.securitytracker.com/id?1027516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78410