Vulnerabilities: Security bypass and spoofing attack in Adobe ColdFusion
Fix available: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2013-1387
Attack vector: Remote
Impact: Security Bypass, spoofing attack
Affected Products: Adobe ColdFusion 10.x, Adobe ColdFusion 9.x
– Adobe ColdFusion 10, possibly other versions;
– Adobe ColdFusion 9.0.2, possibly other versions;
– Adobe ColdFusion 9.0.1, possibly other versions;
– Adobe ColdFusion 9.0, possibly other versions.
The vulnerabilities can be exploited by malicious people to bypass certain security restrictions.
1. The vulnerability is caused by an unspecified error. A remote user can spoof an authenticated user.
2. The vulnerability is caused by an unspecified error. A remote user can access the ColdFusion administrative console.
Manufacturer URL: http://www.adobe.com/products/coldfusion-family.html
Solution: Install the update from the manufacturer’s website.