Description
Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.
Remediation
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-13.
References
Related Vulnerabilities
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)
Magento Config File Disclosure
Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)