Vulnerability Bulletins |
Cross site scripting en ColdFusion |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Integridad |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
JRun 4.0 ColdFusion MX 7.0 Enterprise Edition ColdFusion MX 6.1 Enterprise |
Description |
|
|
Se ha descubierto una vulnerabilidad del tipo cross-site scirpting en la consola de administración para Adobe Jrun 4.0 que utiliza ColdFusion. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría inyectar código web script arbitrario o HTML mediante métodos desconocidos. |
|
Solution |
|
|
Actualización de software Adobe JRun 4.0 / ColdFusion MX 7.0 / patch jrun-hotfix-66413.jar http://download.macromedia.com/pub/security/bulletins/apsb07-05/jrun-hotfix-66413.jar ColdFusion MX 6.1 Enterprise / patch jrun-hotfix-66413.jar http://download.macromedia.com/pub/security/bulletins/apsb07-05/jrun-hotfix-66413.jar http://www.adobe.com/go/jrun_updater |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-5860 |
| BID | 22547 |
Other resources |
|
|
Adobe Security Bulletin (APSB07-05) http://www.adobe.com/support/security/bulletins/apsb07-05.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-02-20 |