
V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

July 11, 2013 - 6:00am


PROBLEM:

A vulnerability has been reported in Adobe ColdFusion.

PLATFORM:

The vulnerability is reported in version 10 for Windows, Macintosh, and Linux.

ABSTRACT:

The vulnerability is caused by an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets.

REFERENCE LINKS:

Secunia Advisory SA54024
Adobe Security Bulletin APSB13-19
Stackoverflow.com
CVE-2013-3350

IMPACT ASSESSMENT:

High

DISCUSSION:

The hotfix resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets.

IMPACT:

Security Bypass

SOLUTION:

The vendor recommends applying the current update.
