Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2013-0632
Last Modified 17 Jan 2014 12:12:06
Published 16 Jan 2013 07:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0632

Summary

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

Vulnerable Systems

Application

  • Adobe ColdFusion 10.0

  • Adobe ColdFusion 9.0

  • Adobe ColdFusion 9.0.1

  • Adobe ColdFusion 9.0.2


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb13-03.html

CONFIRM - http://www.adobe.com/support/security/advisories/apsa13-01.html

EXPLOIT-DB - 30210


Last Updated: 27 May 2016 11:01:42