Description

Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.

Remediation

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-13.

References

Security Advisory for ColdFusion

Security update: Hotfix available for ColdFusion

Related Vulnerabilities

Reachable SharePoint interface

WordPress Plugin UnGallery Local File Disclosure (1.5.8)

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

YetiForce CRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-49508)

Symfony Profiler open

Severity

High

Classification

CVE-2013-3336 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Information Disclosure