Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:113732
HistoryMay 14, 2013 - 12:00 a.m.

Adobe ColdFusion 9 & 10 code injection vulnerability

2013-05-1400:00:00
www.kb.cert.org
34

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.9%

JSON

Overview

Adobe ColdFusion 9, 9.0.1, 9.0.2 with the APSB13-03 hotfix and 10 are vulnerable to a code injection vulnerability when ColdFusion is configured to not require authentication and RDS is disabled.

Description

Adobe ColdFusion is vulnerable to a code injection attack when RDS is disabled and ColdFusion is configured to not require authentication. Adobe has released security bulletin APSB13-13 with more details regarding this vulnerability.

Impact

A remote unauthenticated attacker may be able to upload a malicious .cfm file to the server and have it executed.

Solution

Apply an Update

Adobe has released ColdFusion security hotfix APSB13-13 to address this vulnerability.

Vendor Information

113732

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Adobe Affected

Notified: April 05, 2013 Updated: May 14, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base 8.8 AV:N/AC:M/Au:N/C:C/I:C/A:N
Temporal 7.7 E:ND/RL:OF/RC:C
Environmental 5.8 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Tenable Network Security for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2013-1389
Date Public: 2013-05-14 Date First Published:

Related

seebug 2
cve 1
nvd 1
prion 1
nessus 2
cvelist 1
threatpost 1
cisa 1
openvas 1
securityvulns 1
seebug
seebug
Adobe ColdFusion θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1389)
2013-05-21 00:00:00
Adobe ColdFusionθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-1389)
2013-05-17 00:00:00
cve
cve
CVE-2013-1389
2022-10-03 16:14:47
nvd
nvd
CVE-2013-1389
2013-05-16 11:45:30
prion
prion
Code injection
2013-05-16 11:45:00
nessus
nessus
Adobe ColdFusion Authentication Bypass (APSB13-13)
2013-05-14 00:00:00
Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)
2013-05-14 00:00:00
cvelist
cvelist
CVE-2013-1389
2022-10-03 16:14:47
threatpost
threatpost
Adobe Patches ColdFusion Flaws Exploited in Wild
2013-05-14 16:02:39
cisa
cisa
Adobe Releases Security Update for ColdFusion
2013-05-09 00:00:00
openvas
openvas
Adobe ColdFusion Information Disclosure Vulnerability (APSB13-13)
2013-05-10 00:00:00
securityvulns
securityvulns
Adobe Coldfusion multiple security vulnereabilities
2013-07-15 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.9%

JSON
Related for VU:113732
seebug2cve1nvd1prion1nessus2cvelist1threatpost1cisa1openvas1securityvulns1