PROBLEM:
Adobe ColdFusion Bugs Let Remote Users Gain Access and Obtain Information
PLATFORM:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
ABSTRACT:
Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX.
REFERENCE LINKS:
Adobe Security Bulletin APSA13-01
SecurityTracker Alert ID: 1027938
CVE-2013-0625
CVE-2013-0629
CVE-2013-0631
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can bypass authentication and take control of the target system [CVE-2013-0625]. Systems with password protection disabled or with no password set are affected.
A remote user can gain access to restricted directories [CVE-2013-0629]. Systems with password protection disabled or with no password set are affected.
A remote user can obtain potentially sensitive information [CVE-2013-0631]. Versions 9.0, 9.0.1, and 9.0.2 are affected.
IMPACT:
A remote user can gain access to the target system.
A remote user can obtain potentially sensitive information.
SOLUTION:
No solution was available at the time of this entry. The vendor plans to issue a fix on January 15, 2013.