November 29, 2014

Adobe releases hotfix for ColdFusion

(LiveHacking.Com) – Earlier this month Adobe published a security advisory outlining some Critical vulnerabilities in Adobe ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh, and UNIX. At the time, Adobe promised it would fix the problem and publish patches, which it has now done. The hotfix released by Adobe addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls and potentially allow the attacker to take control of the affected server. The flaws have been assigned CVE numbers: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632.

Adobe is reporting that it is aware of reports that the vulnerabilities are being exploited in the wild against ColdFusion customers.

The patches fix the following vulnerabilities:

  • An authentication bypass vulnerability affecting ColdFusion versions 9.0.2, 9.0.1 and 9.0.0, which could result in an unauthorized user gaining administrative access (CVE-2013-0625).
  • A directory traversal vulnerability affecting ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0.0, which could permit an unauthorized user access to restricted directories (CVE-2013-0629).
  • A vulnerability affecting ColdFusion versions 9.0.2, 9.0.1 and 9.0.0, which could result in information disclosure from a compromised server (CVE-2013-0631).
  • An authentication bypass vulnerability affecting ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0.0, which could result in an unauthorized user gaining administrative access (CVE-2013-0632).