Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX
A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.
A remote user can gain access to restricted directories [CVE-2013-0629]. Systems with password protection disabled or with no password set are affected.
A remote user can obtain potentially sensitive information [CVE-2013-0631]. Versions 9.0, 9.0.1, and 9.0.2 are affected.
A remote user can gain access to the target system.
A remote user can obtain potentially sensitive information.
No solution was available at the time of this entry. The vendor plans to issue a fix on January 15, 2013.