5.9
CVE-2016-1115
- EPSS 2.49%
- Veröffentlicht 11.05.2016 01:59:44
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
LoginAdobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Coldfusion Version10.0 Update-
Adobe ≫ Coldfusion Version10.0 Updateupdate1
Adobe ≫ Coldfusion Version10.0 Updateupdate10
Adobe ≫ Coldfusion Version10.0 Updateupdate11
Adobe ≫ Coldfusion Version10.0 Updateupdate12
Adobe ≫ Coldfusion Version10.0 Updateupdate13
Adobe ≫ Coldfusion Version10.0 Updateupdate14
Adobe ≫ Coldfusion Version10.0 Updateupdate15
Adobe ≫ Coldfusion Version10.0 Updateupdate16
Adobe ≫ Coldfusion Version10.0 Updateupdate17
Adobe ≫ Coldfusion Version10.0 Updateupdate18
Adobe ≫ Coldfusion Version10.0 Updateupdate2
Adobe ≫ Coldfusion Version10.0 Updateupdate3
Adobe ≫ Coldfusion Version10.0 Updateupdate4
Adobe ≫ Coldfusion Version10.0 Updateupdate5
Adobe ≫ Coldfusion Version10.0 Updateupdate6
Adobe ≫ Coldfusion Version10.0 Updateupdate7
Adobe ≫ Coldfusion Version10.0 Updateupdate8
Adobe ≫ Coldfusion Version10.0 Updateupdate9
Adobe ≫ Coldfusion Version11.0 Update-
Adobe ≫ Coldfusion Version11.0 Updateupdate1
Adobe ≫ Coldfusion Version11.0 Updateupdate2
Adobe ≫ Coldfusion Version11.0 Updateupdate3
Adobe ≫ Coldfusion Version11.0 Updateupdate4
Adobe ≫ Coldfusion Version11.0 Updateupdate5
Adobe ≫ Coldfusion Version11.0 Updateupdate6
Adobe ≫ Coldfusion Version11.0 Updateupdate7
Adobe ≫ Coldfusion Version2016 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.49% | 0.847 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.