Status/Resolution/Reason: Closed/Fixed/
Reporter/Name(from Bugbase): David Epler / David Epler (David Epler)
Created: 03/09/2016
Components: Security Analyzer
Versions: 2016
Failure Type: Unspecified
Found In Build/Fixed In Build: Alpha_v12 /
Priority/Frequency: Major / Unknown
Locale/System: English / Win All
Vote Count: 0
When running the Security Analyzer across the attached code, it should flag the use of CGI.HTTP_USER_AGENT on line 1 as XSS and on line 4 as SQLi.
There are numerous items populated into the CGI scope that come directly from the web browser/user agent and can be tampered with, which can cause security issues.
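To illustrate the check the report is asking for, here is an added example that is not part of the bug report and not Adobe's Security Analyzer code: a small Python scanner that treats every CGI.* reference as request-controlled and flags it when it reaches an HTML output sink without an encodeFor*() wrapper or a cfquery without cfqueryparam. The CFML sample it runs over is constructed for this example (it is not the attached cgi.cfm); its line 1 and line 4 are laid out the way the report describes, with the hardened equivalents on lines 2 and 3.

```python
import re
from typing import List, Tuple

# Constructed CFML sample, NOT the cgi.cfm attachment from the report.
# Line 1: raw CGI value echoed into HTML (should be flagged as XSS).
# Line 2: same value wrapped in encodeForHTML() (safe).
# Line 3: same value bound through cfqueryparam (safe).
# Line 4: raw CGI value interpolated into SQL (should be flagged as SQLi).
SAMPLE_CFML = """\
<cfoutput>Your browser: #CGI.HTTP_USER_AGENT#</cfoutput>
<cfoutput>Your browser: #encodeForHTML(CGI.HTTP_USER_AGENT)#</cfoutput>
<cfquery name="q1" datasource="ds">SELECT id FROM visits WHERE agent = <cfqueryparam value="#CGI.HTTP_USER_AGENT#" cfsqltype="cf_sql_varchar"></cfquery>
<cfquery name="q2" datasource="ds">SELECT id FROM visits WHERE agent = '#CGI.HTTP_USER_AGENT#'</cfquery>
"""

# Any CGI.<name> reference is a taint source: the whole scope is populated
# from the request, so no variable in it is trusted.
CGI_REF = re.compile(r"\bCGI\.(\w+)", re.IGNORECASE)
# Sink regions. Regex-based region matching is a deliberate simplification;
# a real analyzer would parse the CFML and follow taint through variables.
QUERY_REGION = re.compile(r"<cfquery\b.*?</cfquery>", re.IGNORECASE | re.DOTALL)
OUTPUT_REGION = re.compile(r"<cfoutput\b.*?</cfoutput>", re.IGNORECASE | re.DOTALL)
# Sanitizers: a cfqueryparam tag for SQL, an encodeFor*( prefix for HTML.
QUERYPARAM_TAG = re.compile(r"<cfqueryparam\b[^>]*>", re.IGNORECASE)
ENCODER_PREFIX = re.compile(r"encodeFor\w+\(\s*$", re.IGNORECASE)


def _spans(pattern: "re.Pattern[str]", text: str) -> List[Tuple[int, int]]:
    return [(m.start(), m.end()) for m in pattern.finditer(text)]


def _inside(pos: int, spans: List[Tuple[int, int]]) -> bool:
    return any(start <= pos < end for start, end in spans)


def scan_cfml(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, variable, finding) for each unsanitized CGI use.

    Only direct use inside a cfquery or cfoutput sink is modelled; a value
    copied into an intermediate variable first is not tracked here.
    """
    findings: List[Tuple[int, str, str]] = []
    query_spans = _spans(QUERY_REGION, text)
    output_spans = _spans(OUTPUT_REGION, text)
    param_spans = _spans(QUERYPARAM_TAG, text)

    for match in CGI_REF.finditer(text):
        pos = match.start()
        name = "CGI." + match.group(1).upper()
        line_no = text.count("\n", 0, pos) + 1
        if _inside(pos, query_spans):
            # Inside SQL: only a cfqueryparam binding makes the value safe.
            if not _inside(pos, param_spans):
                findings.append((line_no, name, "SQLi"))
        elif _inside(pos, output_spans):
            # Inside HTML output: require an encodeFor*() wrapper.
            if not ENCODER_PREFIX.search(text[:pos]):
                findings.append((line_no, name, "XSS"))
    return findings


if __name__ == "__main__":
    for line_no, name, finding in scan_cfml(SAMPLE_CFML):
        print(f"line {line_no}: {name} -> {finding}")
```

Run as a script it reports line 1 as XSS and line 4 as SQLi and stays silent on the two hardened lines, which is the behaviour the report expects from the analyzer for CGI.HTTP_USER_AGENT. The same rule applies to every other CGI variable the regex picks up, since the whole scope is request-controlled.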
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 4126678
External Customer Info:
External Company:
External Customer Name: David Epler
External Customer Email: dcepler@dcepler.net
External Test Config: Friendly Name: Current MBP
System Type: Laptop
Brand: Apple
Model: Mid-2012 15"
Processor Type: Intel Core i7
Processor Speed: 2GHz to 3GHz
Memory: 8GB to 16GB
Hard Drive Storage: 500GB-1TB
Peripherals: LCD Display
Peripherals: Web-Cam
Connectivity: Ethernet
Connectivity: Wireless 802.11 N
Interfaces: Firewire
Interfaces: USB 2.x
Media: CD
Media: CD-R
Media: CD-RW
Media: DVD
Media: DVD+R
Media: DVD-R
Media: SD Card
Primary Operating System: Mac OS X 10.9 (Mavericks)
Secondary Operating System: Windows 7 64
System Location: Other
Time Owned: 2 to 3 Years
Bug File Paths:
\\sjshare.corp.adobe.com\Prereleasebugfiles\ColdFusion\12.0\Alpha_v12\4023610\cgi.cfm
Attachments:
Comments: