CVE-2011-0733

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 9.0.1 CHF1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file. This occurs because the User-Agent header is not properly sanitized, allowing an attacker to inject malicious code.

Recommendations For Adobe ColdFusion versions prior to 9.0.1 CHF1, update to version 9.0.1 CHF1 or later to resolve the issue. As a temporary workaround, consider restricting access to .cfm files or sanitizing the User-Agent header to prevent malicious code injection.