
Vulnerabilities in Adobe ColdFusion
Vulnerabilities: Security Bypass, spoofing attack in Adobe ColdFusion
Severity: Medium
Fix available: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2013-1387, CVE-2013-1388
Attack vector: Remote
Impact: Security Bypass, spoofing attack
Affected Products: Adobe ColdFusion 10.x, Adobe ColdFusion 9.x
Affected versions:
– Adobe ColdFusion 10, possibly other versions;
– Adobe ColdFusion 9.0.2, possibly other versions;
– Adobe ColdFusion 9.0.1, possibly other versions;
– Adobe ColdFusion 9.0, possibly other versions.
Description:
The vulnerabilities can be exploited by malicious people to bypass certain security restrictions.
1. The vulnerability is caused by an unspecified error. A remote user can spoof an authenticated user.
2. The vulnerability is caused by an unspecified error. A remote user can access the ColdFusion administrative console.
Manufacturer URL: http://www.adobe.com/products/coldfusion-family.html
Solution: Install the update from the manufacturer’s website.
Links:
http://www.adobe.com/support/security/bulletins/apsb13-10.html