Описание
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.0147
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
EPSS
Процентиль: 81%
0.0147
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other