V-063: Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information

January 7, 2013 - 1:00am

PROBLEM:

Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information

PLATFORM:

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

ABSTRACT:

Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX.

REFERENCE LINKS:

Adobe Security Bulletin APSA13-01
SecurityTracker Alert ID: 1027938
CVE-2013-0625
CVE-2013-0629
CVE-2013-0631

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.

A remote user can gain access to restricted directories [CVE-2013-0629]. Systems with password protection disabled or with no password set are affected.

A remote user can obtain potentially sensitive information [CVE-2013-0631]. Versions 9.0, 9.0.1, and 9.0.2 are affected.

IMPACT:

A remote user can gain access to the target system.

A remote user can obtain potentially sensitive information.

SOLUTION:

No solution was available at the time of this entry. The vendor plans to issue a fix on January 15, 2013.
