Info

Disclosure

Mar 13, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 13, 2012

Description

Adobe ColdFusion contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Adobe has released a patch to address this vulnerability. Check the vendor advisory in the references section.

Products

Adobe Systems Incorporated	ColdFusion	8.0
		8.0.1
		9.0
		9.0.1

References

Security Tracker: 1026830
CVE ID: 2012-0770 (see also: NVD)
Secunia Advisory ID: 48393
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb12-06.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80008

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Adobe Systems Incorporated

ColdFusion

References

Credit