Nov 14 2007

MuZumbu

Moderately critical Vulnerability in Adobe ColdFusion

Posted at 11:13 am under Secunia

Secunia Advisory: SA27644
Release Date: 2007-11-14
Critical: Moderately critical
Impact: Hijacking
Where: From remote
Solution Status: Vendor Patch
Software: Adobe ColdFusion 8.x, Adobe ColdFusion MX 7.x
CVE reference: CVE-2007-5905 (Secunia mirror)
Description:
A vulnerability has been reported in Adobe ColdFusion that can potentially be exploited by malicious people to hijack user sessions.

The vulnerability is caused by an unspecified error when using CFID or CFTOKEN and can be exploited to, for example, hijack a user's session on an application built using ColdFusion.

NOTE: This vulnerability does not affect customers using J2EE session management.

The vulnerability affects ColdFusion MX 7 and ColdFusion 8.

Solution:
Apply updates. Please see technote KB402805 for more information:
http://www.adobe.com/go/kb402805

Provided and/or discovered by:
The vendor credits Michael Chabot.

Original Advisory:
APSB07-19:
http://www.adobe.com/support/security/bulletins/apsb07-19.html
