Vulnerability Name: CVE-2008-1656 (CCN-41720)
Assigned: 2008-04-08
Published: 2008-04-08
Updated: 2017-08-08
Summary: Adobe ColdFusion 8 and 8.0.1 do not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2008-1656
Source: CCN Type: SA29748 Adobe ColdFusion CFC Methods Access Security Bypass
Source: SECUNIA Type: Patch, Vendor Advisory 29748
Source: CCN Type: SECTRACK ID: 1019806 Adobe ColdFusion Lets Remote Users Access CFC Methods
Source: SECTRACK Type: UNKNOWN 1019806
Source: CCN Type: Adobe Product Security Bulletin APSB08-12 Update available for ColdFusion 8 CFC method access level issue
Source: CONFIRM Type: Patch, Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb08-12.html
Source: OSVDB Type: UNKNOWN 44280
Source: CCN Type: OSVDB ID: 44280 Adobe ColdFusion Flex2 Remoting CFC Methods Access Security Bypass
Source: BID Type: UNKNOWN 28698
Source: CCN Type: BID-28698 Adobe ColdFusion CFC Method Access Level Security Bypass Vulnerability
Source: VUPEN Type: UNKNOWN ADV-2008-1157
Source: XF Type: UNKNOWN adobe-coldfusion-cfc-security-bypass(41720)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable