BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Adobe ColdFusion Arbitrary File Read Vulnerability

Disclosed May 8, 2013    Fully Patched

Vulnerability Description:

A vulnerability within ColdFusion allows attackers to read arbitrary files hosted on the server. This could lead to disclosure of sensitive information. This vulnerability has been exploited in the wild.

Vendors:

Adobe

Vulnerable Software/Devices:

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10

Vulnerability Severity:

Medium

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability:

  • 19098 - Adobe ColdFusion Arbitrary File Read Vulnerability (Zero-Day) - UNIX/Linux
  • 19100 - Adobe ColdFusion Arbitrary File Read Vulnerability (Zero-Day) - Windows
  • 19101 - Adobe ColdFusion Arbitrary File Read Vulnerability (Zero-Day) - Mac OS X
  • 19190 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - Windows CF10
  • 19191 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - Windows CF10 x64
  • 19192 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - Windows CF9
  • 19193 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - UNIX/Linux CF10
  • 19194 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - UNIX/Linux CF9
  • 19195 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - Mac OS X CF10
  • 19196 - Adobe ColdFusion Multiple Vulnerabilities (20130514) - Mac OS X CF9

Mitigation:

Block public access to the following directories:

  • CFIDE/administrator
  • CFIDE/adminapi
  • CFIDE/gettingstarted
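
One way to confirm the block is in effect is to audit web server access logs for external requests to these directories. The following is an added example, not BeyondTrust or Adobe code; it assumes combined-format access logs, and the internal address ranges and sample log lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# The three directories the mitigation says to block from public access.
BLOCKED_DIRS = ("/cfide/administrator", "/cfide/adminapi", "/cfide/gettingstarted")
# Assumption: ranges treated as internal admin networks; adjust to your site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Common/combined log format: client IP, method, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize(raw_path):
    """Decode, lowercase and collapse slashes/dot segments so variants compare equal."""
    path = unquote(raw_path.split("?", 1)[0]).replace("\\", "/").lower()
    return posixpath.normpath("/" + path.lstrip("/"))

def audit(lines):
    """Return (ip, raw_path, status, served) for external requests to blocked dirs."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, raw_path, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # client field is not an IP literal; skipped in this sketch
        if any(addr in net for net in INTERNAL_NETS):
            continue  # internal administration traffic is expected
        path = normalize(raw_path)
        if any(path == d or path.startswith(d + "/") for d in BLOCKED_DIRS):
            served = status not in ("403", "404")  # anything else was not refused
            findings.append((ip, raw_path, int(status), served))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [08/May/2013:10:01:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123',
    '198.51.100.9 - - [08/May/2013:10:02:10 +0000] "GET /cfide//%61dminapi/ HTTP/1.1" 403 210',
    '10.0.0.5 - - [08/May/2013:10:03:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123',
    '203.0.113.7 - - [08/May/2013:10:04:00 +0000] "GET /index.cfm HTTP/1.1" 200 900',
    '192.0.2.44 - - [08/May/2013:10:05:00 +0000] "GET /CFIDE/GettingStarted/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, path, status, served in audit(SAMPLE):
        print(f"{'NOT BLOCKED' if served else 'blocked':12} {status} {ip} {path}")
```

Any finding marked as served means the directory is still reachable from outside and the block needs to be revisited.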

CVE(s):

None
