Main Vulnerability Database Vulnerabilities #VU366

#VU366 Information disclosure in ColdFusion - CVE-2016-4264

Published: September 7, 2016 / Updated: September 14, 2018

Vulnerability identifier: #VU366

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-4264

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
ColdFusion

Software vendor:
Adobe

Description

The vulnerability allows attackers to gain access to potentially sensitive data.

The vulnerability exists due to flaw in XML objects analysis engine. A remote attacker supply specially crafted XML data and obtain potentilally sensitive information.

Successful exploitation of this vulnerability will allow an attacker to obtain sensitive information.

Remediation

Install patched version from vendor's website:
http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-10.html
http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-21.html

#VU366 Information disclosure in ColdFusion - CVE-2016-4264

Description

Remediation

External links