Adobe ColdFusion directory traversal
Description
A critical directory traversal vulnerability (CVE-2013-3336) exists in Adobe ColdFusion versions 10, 9.0.2, 9.0.1, 9.0, and earlier across all platforms (Windows, Macintosh, and UNIX). This vulnerability allows unauthenticated remote attackers to bypass access controls and read arbitrary files from the server's file system by manipulating file path parameters.
Remediation
Apply the official security hotfix immediately for your ColdFusion version:
1. Identify your ColdFusion version (10, 9.0.2, 9.0.1, or 9.0)
2. Download the appropriate hotfix from Adobe Security Bulletin APSB13-13
3. Follow the installation instructions provided in the bulletin for your specific platform (Windows, Macintosh, or UNIX)
4. Restart the ColdFusion service after applying the hotfix
5. Verify the patch installation by checking the ColdFusion Administrator version information
6. Review server logs for any suspicious file access attempts prior to patching
Refer to Adobe Security Bulletin APSB13-13 for detailed installation procedures and additional security recommendations.
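For step 6, the following is an added example (not taken from Adobe's bulletin) of a script that scans web server access logs for ColdFusion requests whose query parameters decode to a parent-directory step. It assumes combined-format access logs; the sample lines, the `/app/view.cfm` path and the `page` parameter are constructed placeholders, not the affected endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (hypothetical paths and parameters, documentation IPs).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/May/2013:10:01:02 +0000] "GET /app/view.cfm?page=..%2f..%2fsome%2ffile.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/May/2013:10:01:09 +0000] "GET /app/view.cfm?page=%252e%252e%255cfile.txt HTTP/1.1" 200 640',
    '203.0.113.20 - - [10/May/2013:10:02:30 +0000] "GET /app/view.cfm?page=home&ver=1..2 HTTP/1.1" 200 1024',
    '203.0.113.20 - - [10/May/2013:10:02:31 +0000] "GET /app/index.cfm HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')  # ".." as a whole path segment
CF_EXT = ('.cfm', '.cfc', '.cfml')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return names of query parameters on a ColdFusion page that contain a ../ step."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(CF_EXT):
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if TRAVERSAL_RE.search(fully_decode(value))]

def scan(lines):
    """Return (client, status, target, params) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        params = suspicious_params(target)
        if params:
            hits.append((client, int(status), target, params))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Flagged requests that returned status 200 before the hotfix date deserve the closest review, since they may indicate a file was actually served.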