CVE-2011-0581

Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb11-04.html	Patch Vendor Advisory
http://www.securitytracker.com/id?1025036
http://secunia.com/advisories/43264
http://www.vupen.com/english/advisories/2011/0334
http://www.securityfocus.com/bid/46281
https://exchange.xforce.ibmcloud.com/vulnerabilities/65276

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:9.0.1:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0.1:::::::*
	cpe:2.3:a:adobe:coldfusion:9.0:::::::*
	cpe:2.3:a:adobe:coldfusion:8.0:::::::*

Information

Published : 2011-02-10 08:00

Updated : 2017-08-16 18:33

NVD link : CVE-2011-0581

Mitre link : CVE-2011-0581

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

adobe

coldfusion

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "name": "http://www.adobe.com/support/security/bulletins/apsb11-04.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1025036", "name": "1025036", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/43264", "name": "43264", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0334", "name": "ADV-2011-0334", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/46281", "name": "46281", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65276", "name": "adobe-coldfusion-crlf-injection(65276)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0581", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-02-10T16:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}