Preemptive Protection against Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities (APSB10-11)
| Check Point Reference: | CPAI-2010-079 |
| Date Published: | |
| Preemptive Since: | |
| Severity: | |
| Source: | Adobe Security Bulletin APSB10-11 |
| Industry Reference(s): | CVE-2009-3467, CVE-2010-1293 |
| Protection Provided by: | Security Gateway |
Who is Vulnerable?
ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities have been discovered in Adobe ColdFusion server. Adobe ColdFusion is an application server for developing dynamically generated Web sites. Cross-site scripting occurs when a Web-based application fails to validate user input before returning it to the client's browser. This enables attackers to inject malicious content into Web pages to be executed in the context of the user's browser. A remote attacker could exploit these issues to execute a cross-site scripting attack or cause a denial of service condition.
Update/Patch Available
Apply Hotfix: Adobe Security Bulletin APSB10-11
Vulnerability Details
The vulnerabilities are due to an error in the Adobe ColdFusion server that fails to sufficiently validate input when processing client HTTP requests. A remote attacker could trigger this issue via a specially crafted HTTP request. Successful exploitation of this issue will allow the attacker to inject arbitrary web script or HTML to the vulnerable server.
Protection Overview
This protection will detect and block Cross-Site Scripting attacks. No update is required to address this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.