Adobe.ColdFusion.Multiple.Vulnerabilities.APSA13-01
Description
Adobe ColdFusion is a web application framework developed by Adobe available for multiple platforms.
Three vulnerabilities have been identified in the application:
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0625)
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0629)
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. (CVE-2013-0631)
Adobe has addressed these issues in its security advisory: http://www.adobe.com/support/security/advisories/apsa13-01.html
Affected Products
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10
Impact
Remote attackers could compromise a vulnerable system to retrieve content or modify application settings on it. This creates a risk of denial of service, exposure of sensitive information, or arbitrary code execution.
Recommended Actions
Please download and apply the patches as instructed in the Adobe advisory: http://www.adobe.com/support/security/advisories/apsa13-01.html
Coverage
IPS (Regular DB)
IPS (Extended DB)