Adobe.ColdFusion.Multiple.Vulnerabilities.APSA13-01

Description

Adobe ColdFusion is a web application framework developed by Adobe available for multiple platforms.
Three vulnerabilities have been identified in the application:
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0625)
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0629)
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0631)
Adobe has addressed these issues in its security advisory: http://www.adobe.com/support/security/advisories/apsa13-01.html

Affected Products

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10

Impact

Remote attackers could compromise a vulnerable system to retrieve content or modify application settings on it. This creates a risk of denial of service, exposure of sensitive information, or arbitrary code execution.

Recommended Actions

Please download and apply patches as instructed in: http://www.adobe.com/support/security/advisories/apsa13-01.html.

Coverage

IPS (Regular DB)
IPS (Extended DB)