Test ID:	1.3.6.1.4.1.25623.1.0.807014
Category:	Web application abuses
Title:	Adobe ColdFusion Multiple Vulnerabilities (APSB15-29)
Summary:	Adobe ColdFusion is prone to multiple vulnerabilities.
Description:	Summary: Adobe ColdFusion is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of user supplied input via unspecified vectors. - The Server-Side Request Forgery (SSRF) issue in Adobe BlazeDS. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, to send HTTP traffic to intranet servers. Affected Software/OS: ColdFusion 10 before Update 18 and 11 before Update 7. Solution: Upgrade to version 10 Update 18 or 11 Update 7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8052 BugTraq ID: 77625 http://www.securityfocus.com/bid/77625 http://www.securitytracker.com/id/1034211 Common Vulnerability Exposure (CVE) ID: CVE-2015-8053 Common Vulnerability Exposure (CVE) ID: CVE-2015-5255 BugTraq ID: 77626 http://www.securityfocus.com/bid/77626 Bugtraq: 20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 (Google Search) http://www.securityfocus.com/archive/1/536958/100/0/threaded HPdes Security Advisory: HPSBST03568 http://marc.info/?l=bugtraq&m=145996963420108&w=2 http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html http://www.securitytracker.com/id/1034210
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.