CVE-2006-6483

Properties

Published:
11.12.2006
Updated:
30.03.2007
Patch available:
Severity:
Low
    CVSS vector:
    (AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    Adobe: ColdFusion

    Vulnerability description

    Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

    References:

    BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/454046/100/0/threaded
    FRSIRT: http://www.frsirt.com/english/advisories/2006/4949
    SECTRACK: http://securitytracker.com/id?1017361
    SECUNIA: http://secunia.com/advisories/23281
    XF: http://xforce.iss.net/xforce/xfdb/30841
    http://www.adobe.com/support/security/bulletins/apsb07-06.html
    BID: http://www.securityfocus.com/bid/21532