Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Name | Vendor | Start Version | End Version |
---|---|---|---|
ColdFusion | Adobe | 9.0 (including) | 9.0 (including) |
ColdFusion | Adobe | 9.0-update_10 (including) | 9.0-update_10 (including) |
ColdFusion | Adobe | 9.0-update_12 (including) | 9.0-update_12 (including) |
ColdFusion | Adobe | 9.0.1 (including) | 9.0.1 (including) |
ColdFusion | Adobe | 9.0.1-update_11 (including) | 9.0.1-update_11 (including) |
ColdFusion | Adobe | 9.0.1-update_9 (including) | 9.0.1-update_9 (including) |
ColdFusion | Adobe | 9.0.2 (including) | 9.0.2 (including) |
ColdFusion | Adobe | 9.0.2-update_4 (including) | 9.0.2-update_4 (including) |
ColdFusion | Adobe | 9.0.2-update_6 (including) | 9.0.2-update_6 (including) |
ColdFusion | Adobe | 10.0 (including) | 10.0 (including) |
ColdFusion | Adobe | 10.0-update1 (including) | 10.0-update1 (including) |
ColdFusion | Adobe | 10.0-update11 (including) | 10.0-update11 (including) |
ColdFusion | Adobe | 10.0-update12 (including) | 10.0-update12 (including) |
ColdFusion | Adobe | 10.0-update2 (including) | 10.0-update2 (including) |
ColdFusion | Adobe | 10.0-update3 (including) | 10.0-update3 (including) |
ColdFusion | Adobe | 10.0-update4 (including) | 10.0-update4 (including) |
ColdFusion | Adobe | 10.0-update8 (including) | 10.0-update8 (including) |
ColdFusion | Adobe | 11.0 (including) | 11.0 (including) |