Vulnerabilities > CVE-2007-1278 - Denial Of Service vulnerability in Adobe Coldfusion and Jrun
Summary
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Per: http://www.adobe.com/support/security/bulletins/apsb07-07.html CVE number: CVE-2007-1278 Platform: Windows only Affected software versions: ColdFusion MX 7.X * JRun 4.0 Updater 6 * ColdFusion MX 7.0 Enterprise Edition, if installed as the "Multi-Server" option * ColdFusion MX 6.1 Enterprise, if installed with the "J2EE" option and deployed on JRun 4.0 Updater 6 NOTE: ColdFusion MX 6.1 and 7.0 Standard editions are not affected. This vulnerability has been addressed by the vendor with the following patch: http://www.adobe.com/support/security/bulletins/apsb07-07.html
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 3 |
References
- http://osvdb.org/34039
- http://secunia.com/advisories/24488
- http://www.adobe.com/support/security/bulletins/apsb07-07.html
- http://www.securityfocus.com/bid/22958
- http://www.securitytracker.com/id?1017752
- http://www.vupen.com/english/advisories/2007/0932
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32994