First published: Wed Feb 07 2007(Updated: )
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =7.0.2 | |
Adobe ColdFusion | =6.1 | |
Adobe ColdFusion | =7.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-0817 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2007-0817, update your Adobe ColdFusion installation to a patched version that sanitizes the User-Agent HTTP header.
CVE-2007-0817 affects Adobe ColdFusion versions 6.1, 7.0.1, and 7.0.2.
The vulnerability in CVE-2007-0817 allows remote attackers to inject arbitrary HTML or web scripts via inadequate input sanitization of the User-Agent header.
Web applications using vulnerable versions of Adobe ColdFusion are at risk, particularly those that expose error pages containing unsanitized User-Agent headers.