Main Vulnerability Database Vulnerabilities #VU45342

Input validation error in ColdFusion - CVE-2011-0581

Published: February 10, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU45342

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-0581

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
ColdFusion

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.

How to mitigate CVE-2011-0581

Install update from vendor's website.

Sources

http://secunia.com/advisories/43264
http://www.adobe.com/support/security/bulletins/apsb11-04.html
http://www.securityfocus.com/bid/46281
http://www.securitytracker.com/id?1025036
http://www.vupen.com/english/advisories/2011/0334
https://exchange.xforce.ibmcloud.com/vulnerabilities/65276

Input validation error in ColdFusion - CVE-2011-0581

Detailed vulnerability description

How to mitigate CVE-2011-0581

Sources

Please verify you're human