Description

Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.

Remediation

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-13.

References

Security Advisory for ColdFusion

Security update: Hotfix available for ColdFusion

Related Vulnerabilities

WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

Magento Config File Disclosure

Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)

Severity

High

Classification

CVE-2013-3336 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Information Disclosure