What is CVE-2020-3767?

CVE-2020-3767 is a vulnerability in ColdFusion versions 2016 and 2018 that allows for application-level denial-of-service attacks.

How severe is CVE-2020-3767?

CVE-2020-3767 has a severity rating of 6.5, which is considered medium.

How does CVE-2020-3767 impact ColdFusion?

CVE-2020-3767 can be exploited to cause denial-of-service attacks on ColdFusion applications.

Which versions of ColdFusion are affected by CVE-2020-3767?

ColdFusion versions 2016 and 2018 are affected by CVE-2020-3767.

How can I fix CVE-2020-3767?

To fix CVE-2020-3767, update ColdFusion to a patched version provided by Adobe.

Vulnerability/
CVE-2020-3767

medium

6.5

CWE

26/6/2020

4/8/2024

CVE-2020-3767: Input Validation

First published: Fri Jun 26 2020(Updated: )

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=2016
Adobe ColdFusion	=2016-update1
Adobe ColdFusion	=2016-update10
Adobe ColdFusion	=2016-update11
Adobe ColdFusion	=2016-update12
Adobe ColdFusion	=2016-update13
Adobe ColdFusion	=2016-update14
Adobe ColdFusion	=2016-update2
Adobe ColdFusion	=2016-update3
Adobe ColdFusion	=2016-update4
Adobe ColdFusion	=2016-update5
Adobe ColdFusion	=2016-update6
Adobe ColdFusion	=2016-update7
Adobe ColdFusion	=2016-update8
Adobe ColdFusion	=2016-update9
Adobe ColdFusion	=2018
Adobe ColdFusion	=2018-update1
Adobe ColdFusion	=2018-update2
Adobe ColdFusion	=2018-update3
Adobe ColdFusion	=2018-update4
Adobe ColdFusion	=2018-update5
Adobe ColdFusion	=2018-update6
Adobe ColdFusion	=2018-update7
Adobe ColdFusion	=2018-update8

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Frequently Asked Questions

What is CVE-2020-3767?
CVE-2020-3767 is a vulnerability in ColdFusion versions 2016 and 2018 that allows for application-level denial-of-service attacks.
How severe is CVE-2020-3767?
CVE-2020-3767 has a severity rating of 6.5, which is considered medium.
How does CVE-2020-3767 impact ColdFusion?
CVE-2020-3767 can be exploited to cause denial-of-service attacks on ColdFusion applications.
Which versions of ColdFusion are affected by CVE-2020-3767?
ColdFusion versions 2016 and 2018 are affected by CVE-2020-3767.
How can I fix CVE-2020-3767?
To fix CVE-2020-3767, update ColdFusion to a patched version provided by Adobe.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/weakness
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2016
version/adobe coldfusion/2016-update1
version/adobe coldfusion/2016-update10
version/adobe coldfusion/2016-update11
version/adobe coldfusion/2016-update12
version/adobe coldfusion/2016-update13
version/adobe coldfusion/2016-update14
version/adobe coldfusion/2016-update2
version/adobe coldfusion/2016-update3
version/adobe coldfusion/2016-update4
version/adobe coldfusion/2016-update5
version/adobe coldfusion/2016-update6
version/adobe coldfusion/2016-update7
version/adobe coldfusion/2016-update8
version/adobe coldfusion/2016-update9
version/adobe coldfusion/2018
version/adobe coldfusion/2018-update1
version/adobe coldfusion/2018-update2
version/adobe coldfusion/2018-update3
version/adobe coldfusion/2018-update4
version/adobe coldfusion/2018-update5
version/adobe coldfusion/2018-update6
version/adobe coldfusion/2018-update7
version/adobe coldfusion/2018-update8