You are here
Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX
A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.
A remote user can gain access to restricted directories [CVE-2013-0629]. Systems with password protection disabled or with no password set are affected.
A remote user can obtain potentially sensitive information [CVE-2013-0631]. Versions 9.0, 9.0.1, and 9.0.2 are affected.
A remote user can gain access to the target system.
A remote user can obtain potentially sensitive information.
No solution was available at the time of this entry. The vendor plans to issue a fix on January 15, 2013.
Voice:Hotline at 1-866-941-2472
World Wide Web: http://energy.gov/cio/services/incident-management
JC3 services are available to JC3-Joint Cybersecurity Coordination Center, and JC3 Contractors.