CVE-2012-0770 - Unspecified vulnerability in Adobe ColdFusion
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
adobe
nessus
Summary
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | Windows |
NASL id | COLDFUSION_WIN_APSB12-06.NASL |
description | The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values. By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58388 |
published | 2012-03-19 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58388 |
title | Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check) |
References
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html
- http://osvdb.org/80008
- http://secunia.com/advisories/48393
- http://www.adobe.com/support/security/bulletins/apsb12-06.html
- http://www.securitytracker.com/id?1026830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73955