Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Releases Hotfix to Address Critical Vulnerabilities in ColdFusion

Adobe on Tuesday released a hotfix to address four vulnerabilities affecting ColdFusion running on Windows, Mac OS and UNIX platforms.

Adobe on Tuesday released a hotfix to address four vulnerabilities affecting ColdFusion running on Windows, Mac OS and UNIX platforms.

On Jan. 5, Adobe issued a security advisory warning customers that certain vulnerabilities in ColdFusion were being actively exploited in attacks.

The security issues impact ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Mac OS X and UNIX, and if exploited, could let an attacker remotely bypass authentication controls, access to restricted directories, leak data, or take control of a compromised server.

The four vulnerabilities addressed in today’s security update include: 

CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.

CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.

CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server

CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.

Adobe said previously that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set.

Adobe categorizes this hotfix as a Priority 1 update, as it resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. For that reason, Adobe recommends users update their installation to the newest version as soon as possible.

Instructions for ColdFusion customers on how to update their software along with additional details can be found here

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.