Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: Adobe ColdFusion Environment Variable Overwrite Attempt

This signature detects attempts to exploit a known flaw in Adobe ColdFusion. An attacker can send a crafted request which can overwrite ColdFusion environment variables, leading to Cross-Site Scripting (XSS), Data Injection, and other attacks. This signature should only be used to examine traffic going to ColdFusion HTTP servers.

References

URL: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7785.html http://www.owasp.org/images/0/0a/OWASP_AppSec_DC_2010_-_Deconstructing_ColdFusion.pdf

Short Name

HTTP:COLDFUSION:ENV-VAR-OW

Severity

Major

Recommended

False

Recommended Action

Drop

Category

HTTP

Keywords

Adobe Attempt ColdFusion Environment Overwrite Variable

Release Date

03/11/2011

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown