CVE-2012-0770Adobe Coldfusion vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.5%
top 19.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedMar 13
Latest updateMay 14

Description

Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDadobe/coldfusion4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-5vjc-xmgw-9w4h: Adobe ColdFusion 82022-05-14
CVEList
CVE-2012-0770: Adobe ColdFusion 82012-03-13

💬Community

1
Bugzilla
CVE-2012-2746 rhds/389: plaintext password disclosure in audit log2012-06-19
CVE-2012-0770 — Adobe Coldfusion vulnerability | cvebase