Adobe ColdFusion directory traversal

Description

Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.

Remediation

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-13.

References