CVE-2012-0770 - Unspecified vulnerability in Adobe ColdFusion
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Per: http://cwe.mitre.org/data/definitions/407.html 'CWE-407: Algorithmic Complexity'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | Windows |
NASL id | COLDFUSION_WIN_APSB12-06.NASL |
description | The remote Windows host is running a version of ColdFusion that is affected by a hash collision denial of service. A flaw exists in the way ColdFusion generates hash tables for user-supplied values. By sending a small number of specially crafted requests to a web server that uses ColdFusion, an attacker can take advantage of this flaw to cause a denial of service condition. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58388 |
published | 2012-03-19 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58388 |
title | Adobe ColdFusion Hash Collision DoS (APSB12-06) (credentialed check) |