Main Vulnerability Database Exploits ID:396 - Exploit for Information disclosure in ColdFusion - CVE-2016-4264

ID:396 - Exploit for Information disclosure in ColdFusion - CVE-2016-4264

Published: March 18, 2020

Vulnerability identifier: #VU366

Vulnerability risk: Low

CVE-ID: CVE-2016-4264

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
ColdFusion

Link to public exploit:

https://www.exploit-db.com/exploits/40346/

Vulnerability description

The vulnerability allows attackers to gain access to potentially sensitive data.

The vulnerability exists due to flaw in XML objects analysis engine. A remote attacker supply specially crafted XML data and obtain potentilally sensitive information.

Successful exploitation of this vulnerability will allow an attacker to obtain sensitive information.

Remediation

Install patched version from vendor's website:
http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-10.html
http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-21.html

ID:396 - Exploit for Information disclosure in ColdFusion - CVE-2016-4264

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human