Signature Detail

Short Name	APP:ADOBE-COLDFUSION-WEBSOCKET
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	Adobe ColdFusion Unauthorized ColdFusion Components (CFC) Invokation via Web Socket
Release Date	2013/11/19
Update Number	2321
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Adobe ColdFusion Unauthorized ColdFusion Components (CFC) Invokation via Web Socket

This signature detects attempts to exploit a known vulnerability against Adobe ColdFusion. Attackers can invoke public methods on ColdFusion Components (CFC) via Web Sockets.

Extended Description

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

Affected Products

adobe coldfusion 10.0 (update_1)
adobe coldfusion 10.0 (update_2)
adobe coldfusion 10.0 (update_3)
adobe coldfusion 10.0 (update_4)
adobe coldfusion 10.0 (update_8)

References

BugTraq: 61042
CVE: CVE-2013-3350

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Adobe ColdFusion Unauthorized ColdFusion Components (CFC) Invokation via Web Socket

Extended Description

Affected Products

References