Description
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation.
Remediation
Apply the ColdFusion Security hotfix APSB13-03 listed in the Web references section.
References
Related Vulnerabilities
WordPress Plugin WP Activity Log Security Bypass (3.3.1.1)
WordPress Plugin WP to Twitter Security Bypass (3.2.19)
Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.11)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)
WordPress Plugin Web to Print Online Designer Security Bypass (2.3.0)