CVE-2012-2041: Code Injection
First published: Wed Jun 13 2012(Updated: )
CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =8.0 | |
| Adobe ColdFusion | =8.0.1 | |
| Adobe ColdFusion | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-2041?
CVE-2012-2041 is considered to be of moderate severity due to its potential for HTTP response splitting attacks.
How do I fix CVE-2012-2041?
To fix CVE-2012-2041, upgrade to Adobe ColdFusion version 9.0.1 or later, as this vulnerability is addressed in the updates.
What software versions are affected by CVE-2012-2041?
CVE-2012-2041 affects Adobe ColdFusion versions 8.0, 8.0.1, and 9.0.
Can CVE-2012-2041 lead to remote code execution?
CVE-2012-2041 does not directly lead to remote code execution but allows for HTTP header injection which can be exploited.
What types of attacks are possible with CVE-2012-2041?
CVE-2012-2041 allows attackers to conduct HTTP response splitting attacks, which can lead to cache poisoning and other issues.
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/remedy
- agent/description
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/8.0
- version/adobe coldfusion/8.0.1
- version/adobe coldfusion/9.0