Security update: Hotfix available for ColdFusion - Vulnerability Database

Security update: Hotfix available for ColdFusion

Description

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server. Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers.

Remediation

Adobe recommends ColdFusion customers update their installation. Consult Web references section for instructions.

References

ColdFusion Security hotfix APSB13-03

Security update: Hotfix available for ColdFusion

Related Vulnerabilities

Severity

High

Classification

CVE-2013-0625

CVE-2013-0629

CVE-2013-0631

CVE-2013-0632

CWE-255

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Security update: Hotfix available for ColdFusion

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags