CVE-2016-1115

MEDIUM

Adobe ColdFusion Certificate Spoofing via Wildcard Name Field Mishandling

Title source: llm
STIX 2.1

Description

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035829
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/90514

Scores

CVSS v3 5.9
EPSS 0.0249
EPSS Percentile 82.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
adobe/coldfusion 10.0 (19 CPE variants)
adobe/coldfusion 11.0 (8 CPE variants)
adobe/coldfusion 2016
Published May 11, 2016
Tracked Since Feb 18, 2026