Multiple vulnerabilities in Adobe ColdFusion (April 16, 2013)

Posted: April 17, 2013 in Vulnerabilities
Tags: Adobe ColdFusion, Multiple vulnerabilities, Security Bypass, spoofing attack

Vulnerabilities in Adobe ColdFusion

Vulnerabilities: Security Bypass, spoofing attack in Adobe ColdFusion

Danger: Average
The presence of fixes: Yes
The number of vulnerabilities: 2

CVE ID: CVE-2013-1387
CVE-2013-1388
Vector of operation: Remote
Impact: Security Bypass, spoofing attack

Affected Products: Adobe ColdFusion 10.с, Adobe ColdFusion 9.x

Affected versions:

– Adobe ColdFusion 10, possibly other versions;
– Adobe ColdFusion 9.0.2, possibly other versions;
– Adobe ColdFusion 9.0.1, possibly other versions;
– Adobe ColdFusion 9.0, possibly other versions.

Description:

Which can be exploited by malicious people to bypass certain security restrictions.

1. The vulnerability is caused due to an unspecified error. A remote user can spoof the authenticated user.

2. The vulnerability is caused due to an unspecified error. A remote user can access the administrative console, ColdFusion.

Manufacturer URL: http://www.adobe.com/products/coldfusion-family.html

Solution: Install the update from the manufacturer’s website.

Links:

http://www.adobe.com/support/security/bulletins/apsb13-10.html

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook