Multiple vulnerabilities in Adobe ColdFusion (April 16, 2013)

Posted: April 17, 2013 in Vulnerabilities

Vulnerabilities in Adobe ColdFusion

Vulnerabilities: Security Bypass, spoofing attack in Adobe ColdFusion

Severity: Medium
Fix available: Yes
The number of vulnerabilities: 2

CVE ID: CVE-2013-1387, CVE-2013-1388
Attack vector: Remote
Impact: Security Bypass, spoofing attack

Affected Products: Adobe ColdFusion 10.x, Adobe ColdFusion 9.x

Affected versions:

- Adobe ColdFusion 10, possibly other versions;
- Adobe ColdFusion 9.0.2, possibly other versions;
- Adobe ColdFusion 9.0.1, possibly other versions;
- Adobe ColdFusion 9.0, possibly other versions.

Description:

Vulnerabilities in Adobe ColdFusion can be exploited by malicious people to bypass certain security restrictions.

1. The vulnerability is caused by an unspecified error. A remote user can impersonate an authenticated user.

2. The vulnerability is caused by an unspecified error. A remote user can access the ColdFusion administrative console.

Manufacturer URL: http://www.adobe.com/products/coldfusion-family.html

Solution: Install the update from the manufacturer’s website.

Links:

http://www.adobe.com/support/security/bulletins/apsb13-10.html
