Vulnerabilities > CVE-2008-1203 - Unspecified vulnerability in Adobe Coldfusion 7.0/8.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
adobe
NVD
Published: 2008-03-12
Updated: 2024-11-21

Summary

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

Vulnerable Configurations

Part Description Count
Application
Adobe
2

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 28205,28207 CVE(CAN) ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX是一款高效的网络应用服务器开发环境,具有很高的易用性和开发效率,基于标准的Java技术,可以与XML、Web Services和Microsoft.NET环境相集成。 如果ColdFusion应用的Application.cfm或Application.cfc包含有setEncoding函数的话,远程攻击者就可以通过提交恶意请求执行跨站脚本攻击。 ColdFusion没有正确地过滤某些CGI变量便返回给了用户,这允许远程攻击者通过篡改User Agent执行跨站脚本攻击,在用户浏览器会话中注入并执行任意HTML和脚本代码。 ColdFusion没有记录到管理界面失败的登录尝试,这可能便于攻击者执行暴力猜测攻击。 Adobe ColdFusion MX 7.02 Adobe ColdFusion MX 7.01 Adobe ColdFusion MX 7.00 Adobe ColdFusion 8 Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.adobe.com/support/coldfusion/ts/documents/kb403212/hf702-70734.zip target=_blank>http://www.adobe.com/support/coldfusion/ts/documents/kb403212/hf702-70734.zip</a> <a href=http://www.adobe.com/support/coldfusion/ts/documents/kb403070/chf8000003.zip target=_blank>http://www.adobe.com/support/coldfusion/ts/documents/kb403070/chf8000003.zip</a> <a href=http://www.adobe.com/support/security/bulletins/downloads/CF8_APSB08-0_8.zip target=_blank>http://www.adobe.com/support/security/bulletins/downloads/CF8_APSB08-0_8.zip</a> <a href=http://www.adobe.com/support/security/bulletins/downloads/CFMX7_APSB08_-08.zip target=_blank>http://www.adobe.com/support/security/bulletins/downloads/CFMX7_APSB08_-08.zip</a>
idSSV:3033
last seen2017-11-19
modified2008-03-15
published2008-03-15
reporterRoot
titleAdobe ColdFusion多个跨站脚本及无效日志漏洞

References