Description

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.

Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation.

Remediation

Apply the ColdFusion Security hotfix APSB13-03 listed in the Web references section.

References

Security update: Hotfix available for ColdFusion

ColdFusion Security hotfix APSB13-03

Related Vulnerabilities

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)

Drupal Core 7.x Security Bypass (7.0 - 7.43)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)

WordPress Plugin WordPress Download Manager Multiple Security Bypass Vulnerabilities (2.6.92)

Severity

High

Classification

CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass Configuration