Main Vulnerability Database Vulnerabilities #VU44001

Code Injection in ColdFusion - CVE-2012-2041

Published: June 13, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU44001

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-2041

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
ColdFusion

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

How to mitigate CVE-2012-2041

Install update from vendor's website.

Sources

http://www.adobe.com/support/security/bulletins/apsb12-15.html

Code Injection in ColdFusion - CVE-2012-2041

Detailed vulnerability description

How to mitigate CVE-2012-2041

Sources

Please verify you're human