ColdFusion Adobe ColdFusion Web application server since 1995. Tag or script based programming language CFML.

Do you want an email whenever new security vulnerabilities are reported in Adobe ColdFusion?

Recent Adobe ColdFusion Security Advisories

Advisory Title Published
APSB21-75 Security updates available for Adobe ColdFusion | APSB21-16 APSB21-75 September 14, 2021
APSB21-16 Security updates available for Adobe ColdFusion | APSB21-16 March 22, 2021
APSB20-43 Security updates available for Adobe ColdFusion | APSB20-43 July 14, 2020
APSB20-18 Security updates available for ColdFusion | APSB20-18 April 14, 2020
APSB20-16 Security updates available for ColdFusion | APSB20-16 March 17, 2020

@coldfusion Tweets

Coders, the ninth edition of the Adobe ColdFusion Summit 2021 is edging closer! Mark your calendars for a low-down… https://t.co/16YxCAn1Rd
Wed Sep 15 13:05:25 +0000 2021

It’s that time of the year again! The ninth edition of the Adobe ColdFusion Summit is almost here and we can’t wait… https://t.co/ZGypaQylhV
Mon Sep 13 13:22:00 +0000 2021

Coders, the ninth edition of the Adobe ColdFusion is on its way! Mark your calendars for December 7th and 8th to un… https://t.co/S3lBt7n0rr
Thu Sep 09 13:34:33 +0000 2021

Coders, take note! The 9th annual Adobe ColdFusion Summit is almost here and we’ve upped our game. Mark your calend… https://t.co/1VxRdxZMLV
Tue Sep 07 14:10:31 +0000 2021

Want to move your CF instance to the cloud but don’t know where to start? Mark Takata’s webinar can get you up and… https://t.co/DrvzWAuxsW
Fri Sep 03 13:02:09 +0000 2021

By the Year

In 2021 there have been 2 vulnerabilities in Adobe ColdFusion with an average score of 6.6 out of ten. Last year ColdFusion had 7 security vulnerabilities published. Right now, ColdFusion is on track to have less security vulnerabilities in 2021 than it did last year. Last year, the average CVE base score was greater by 1.07

Year Vulnerabilities Average Score
2021 2 6.60
2020 7 7.67
2019 10 9.20
2018 14 7.99

It may take a day or so for new ColdFusion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe ColdFusion Security Vulnerabilities

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory

CVE-2020-10145 7.8 - High - May 27, 2021

The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.

AuthZ

Adobe Coldfusion versions 2016 (update 16 and earlier)

CVE-2021-21087 5.4 - Medium - April 15, 2021

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

XSS

Adobe ColdFusion 2016 update 15 and earlier versions

CVE-2020-9673 7.8 - High - July 17, 2020

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Untrusted Path

Adobe ColdFusion 2016 update 15 and earlier versions

CVE-2020-9672 7.8 - High - July 17, 2020

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Untrusted Path

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability

CVE-2020-3796 6.5 - Medium - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.

Information Disclosure

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability

CVE-2020-3767 6.5 - Medium - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

Improper Input Validation

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability

CVE-2020-3768 7.8 - High - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

Untrusted Path

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability

CVE-2020-3761 7.5 - High - March 25, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

Information Disclosure

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability

CVE-2020-3794 9.8 - Critical - March 25, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

Improper Input Validation

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability

CVE-2019-8256 9.8 - Critical - December 19, 2019

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

Incorrect Default Permissions

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability

CVE-2019-8074 9.8 - Critical - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Directory traversal

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection

CVE-2019-8073 9.8 - Critical - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Command Injection

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability

CVE-2019-8072 7.5 - High - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

Information Disclosure

ColdFusion versions Update 3 and earlier

CVE-2019-7840 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability

CVE-2019-7839 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Command Injection

ColdFusion versions Update 3 and earlier

CVE-2019-7838 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability

CVE-2019-7092 6.1 - Medium - May 24, 2019

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

XSS

ColdFusion versions Update 1 and earlier

CVE-2019-7091 9.8 - Critical - May 24, 2019

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

ColdFusion versions Update 2 and earlier

CVE-2019-7816 9.8 - Critical - May 24, 2019

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15958 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15964 7.5 - High - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.

Information Disclosure

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15963 5.3 - Medium - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15962 5.3 - Medium - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.

Information Disclosure

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15961 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15960 7.5 - High - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.

Improper Input Validation

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15959 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15965 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15957 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4942 7.5 - High - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.

XXE

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4941 6.1 - Medium - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

XSS

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4940 6.1 - Medium - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

XSS

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4939 9.8 - Critical - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4938 7.8 - High - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.

DLL preloading

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability

CVE-2017-11286 7.5 - High - December 01, 2017

Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

XXE

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability

CVE-2017-11285 6.1 - Medium - December 01, 2017

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

XSS

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability

CVE-2017-11284 9.8 - Critical - December 01, 2017

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Marshaling, Unmarshaling

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability

CVE-2017-11283 9.8 - Critical - December 01, 2017

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Marshaling, Unmarshaling

Adobe ColdFusion 2016 Update 3 and earlier

CVE-2017-3008 6.1 - Medium - April 27, 2017

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.

XSS

Adobe ColdFusion 2016 Update 3 and earlier

CVE-2017-3066 9.8 - Critical - April 27, 2017

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10

CVE-2016-4264 8.6 - High - September 01, 2016

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

XXE

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2

CVE-2016-4159 6.1 - Medium - June 16, 2016

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1

CVE-2016-1113 6.1 - Medium - May 11, 2016

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1

CVE-2016-1114 9.8 - Critical - May 11, 2016

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Marshaling, Unmarshaling

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might

CVE-2016-1115 5.9 - Medium - May 11, 2016

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Improper Input Validation

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178

CVE-2015-5255 - November 18, 2015

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Improper Input Validation

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7

CVE-2015-8052 - November 18, 2015

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

XSS

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7

CVE-2015-8053 - November 18, 2015

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.

XSS

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5

CVE-2015-0345 - April 15, 2015

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Adobe ColdFusion 10 before Update 15 and 11 before Update 3

CVE-2014-9166 - December 10, 2014

Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors.

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2

CVE-2014-0570 - October 15, 2014

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Session Riding

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2

CVE-2014-0571 - October 15, 2014

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2

CVE-2014-0572 - October 15, 2014

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

Permissions, Privileges, and Access Controls

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available

CVE-2013-5326 - November 13, 2013

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.

XSS

Adobe ColdFusion 10 before Update 12

CVE-2013-5328 - November 13, 2013

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.

Permissions, Privileges, and Access Controls

Adobe ColdFusion 10 before Update 11

CVE-2013-3350 - July 10, 2013

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10

CVE-2013-1389 - May 16, 2013

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9

CVE-2013-1388 - April 10, 2013

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors.

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9

CVE-2013-1387 - April 10, 2013

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.

Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used

CVE-2012-5674 - November 20, 2012

Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Adobe ColdFusion or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

Adobe ColdFusion
Web application server since 1995. Tag or script based programming language CFML.

subscribe