VID | 22442 |
Severity | 30 |
Port | 80, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
The Adobe Macromedia ColdFusion software is vulnerable to a cross-site scripting attack via the User-Agent HTTP header. Adobe ColdFusion MX versions 6.x and 7.x do not properly validate user-supplied input in the User-Agent HTTP header before using it to generate dynamic content in an error page. A remote attacker could exploit this vulnerability through the User-Agent HTTP header to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
* References:
  http://www.securityfocus.com/archive/1/459178/30/0/threaded
  http://www.frsirt.com/english/advisories/2007/0593
  http://securitytracker.com/alerts/2007/Feb/1017645.html
  http://secunia.com/advisories/24115
* Platforms Affected:
  Adobe Systems Incorporated, ColdFusion MX 6.x
  Adobe Systems Incorporated, ColdFusion MX 7.x
  Any operating system Any version |
Recommendation |
Apply a patch for ColdFusion MX 7.x or ColdFusion MX 6.x, as listed in Adobe Security Bulletin APSB07-04 at http://www.adobe.com/support/security/bulletins/apsb07-04.html |
Related URL | CVE-2007-0817 (CVE) |
Related URL | 22401 (SecurityFocus) |
Related URL | 32438 (ISS) |