All the vulnerabilites related to Adobe Inc. - Adobe ColdFusion
jvndb-2005-000776
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Details
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN93926203/index.html |
| JPCERT-WR | http://www.jpcert.or.jp/wr/2005/wr052701.txt |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.\r\n\r\nIf you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.\r\n\r\nThis issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.\r\n\r\n*1 JPCERT/CC coordinated this issue based on the publicly available information.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:apc:powerchute",
"@product": "PowerChute",
"@vendor": "Schneider Electric",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_express",
"@product": "BEA WebLogic Express",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_platform",
"@product": "BEA WebLogic Platform",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_server",
"@product": "BEA WebLogic Server",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wan_manager",
"@product": "Cisco WAN Manager (CWM)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wireless_lan_solution_engine",
"@product": "CiscoWorks Wireless LAN Solution Engine (CWWLSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:powerchute",
"@product": "PowerChute",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_web_contents_generator",
"@product": "Cosminexus Web Contents Generator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jce",
"@product": "IBM JCE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jdk",
"@product": "IBM JDK",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jre",
"@product": "IBM JRE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_flow_builder",
"@product": "ASTERIA R2 Flow Builder",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_server",
"@product": "ASTERIA R2 Server",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:esmpro_upsmanager",
"@product": "ESMPRO/UPSManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:powerchute",
"@product": "PowerChute",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:j2se",
"@product": "J2SE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jce",
"@product": "JCE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:cisco:hosting_solution_engine",
"@product": "CiscoWorks Host Solution Engine (HSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:primergy",
"@product": "PRIMERGY",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/h:hitachi:ha8000",
"@product": "HA8000 Series",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/h:mcafee:intrushield_security_management_system",
"@product": "McAfee IntruShield",
"@vendor": "McAfee",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000776",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93926203/index.html",
"@id": "JVN#93926203",
"@source": "JVN"
},
{
"#text": "http://www.jpcert.or.jp/wr/2005/wr052701.txt",
"@id": "JPCERT-WR-2005-2701",
"@source": "JPCERT-WR"
}
],
"title": "Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate"
}
jvndb-2007-000160
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
ColdFusion cross-site scripting vulnerability
Details
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability.
According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on.
This vulnerability is different from JVN#48566866.
References
Impacted products
| Vendor | Product |
|---|---|
| Adobe Inc. | Adobe ColdFusion |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000160.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability.\r\n\r\nAccording to the statements from the developer, this vulnerability does not arise when the \u0026quot;Enable Global Script Protection\u0026quot; setting is turned on. \r\n\r\nThis vulnerability is different from JVN#48566866.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000160.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000160",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28356427/index.html",
"@id": "JVN#28356427",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5859",
"@id": "CVE-2006-5859",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5859",
"@id": "CVE-2006-5859",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24115/",
"@id": "SA24115",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22544",
"@id": "22544",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1017644",
"@id": "1017644",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0592",
"@id": "FrSIRT/ADV-2007-0592",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "ColdFusion cross-site scripting vulnerability"
}
jvndb-2014-000105
Vulnerability from jvndb
Published
2014-09-12 14:00
Modified
2014-09-29 11:42
Summary
Help Page in multiple Adobe products vulnerable to cross-site scripting
Details
The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Adobe Inc. | Adobe Acrobat |
| Adobe Inc. | Adobe ColdFusion |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000105.html",
"dc:date": "2014-09-29T11:42+09:00",
"dcterms:issued": "2014-09-12T14:00+09:00",
"dcterms:modified": "2014-09-29T11:42+09:00",
"description": "The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai of bogus.jp reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000105.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:acrobat",
"@product": "Adobe Acrobat",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000105",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84376800/index.html",
"@id": "JVN#84376800",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5315",
"@id": "CVE-2014-5315",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5315",
"@id": "CVE-2014-5315",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Help Page in multiple Adobe products vulnerable to cross-site scripting"
}
jvndb-2009-000054
Vulnerability from jvndb
Published
2009-08-19 16:33
Modified
2009-08-19 16:33
Summary
ColdFusion vulnerable to cross-site scripting
Details
ColdFusion provided by Adobe contains a cross-site scripting vulnerability.
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#28356427 and JVN#48566866.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Adobe Inc. | Adobe ColdFusion |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000054.html",
"dc:date": "2009-08-19T16:33+09:00",
"dcterms:issued": "2009-08-19T16:33+09:00",
"dcterms:modified": "2009-08-19T16:33+09:00",
"description": "ColdFusion provided by Adobe contains a cross-site scripting vulnerability.\r\n\r\nColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different from JVN#28356427 and JVN#48566866.\r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000054.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000054",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21388501/index.html",
"@id": "JVN#21388501",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1875",
"@id": "CVE-2009-1875",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1875",
"@id": "CVE-2009-1875",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "ColdFusion vulnerable to cross-site scripting"
}
jvndb-2007-000159
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Adobe JRun cross-site scripting vulnerability
Details
Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Adobe Inc. | Adobe ColdFusion |
| Adobe Inc. | Adobe JRun |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000159.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000159.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000159",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14243645/index.html",
"@id": "JVN#14243645",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5860",
"@id": "CVE-2006-5860",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5860",
"@id": "CVE-2006-5860",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24093/",
"@id": "SA24093",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22547",
"@id": "22547",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/32475",
"@id": "32475",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017646",
"@id": "1017646",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0594",
"@id": "FrSIRT/ADV-2007-0594",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Adobe JRun cross-site scripting vulnerability"
}
jvndb-2007-000161
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
ColdFusion error page cross-site scripting vulnerability
Details
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page.
This vulnerability is different from JVN#28356427.
References
Impacted products
| Vendor | Product |
|---|---|
| Adobe Inc. | Adobe ColdFusion |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000161.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page.\r\n\r\nThis vulnerability is different from JVN#28356427.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000161.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000161",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48566866/index.html",
"@id": "JVN#48566866",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0817",
"@id": "CVE-2007-0817",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0817",
"@id": "CVE-2007-0817",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24115/",
"@id": "SA24115",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22401",
"@id": "22401",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1017645",
"@id": "1017645",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0593",
"@id": "FrSIRT/ADV-2007-0593",
"@source": "FRSIRT"
}
],
"title": "ColdFusion error page cross-site scripting vulnerability"
}