Vulnerabilities > CVE-2013-0629 - Unspecified vulnerability in Adobe Coldfusion
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
OS | 1 | |
OS | 1 | |
OS | 1 |
Exploit-Db
description | Adobe ColdFusion APSB13-03 - Remote Exploit. CVE-2013-0625,CVE-2013-0629,CVE-2013-0632. Remote exploits for multiple platform |
id | EDB-ID:24946 |
last seen | 2016-02-03 |
modified | 2013-04-10 |
published | 2013-04-10 |
reporter | metasploit |
source | https://www.exploit-db.com/download/24946/ |
title | Adobe ColdFusion APSB13-03 - Remote Exploit |
Nessus
NASL family | Windows |
NASL id | COLDFUSION_WIN_APSB13-03.NASL |
description | The version of Adobe ColdFusion running on the remote host is missing hotfixes that address the following vulnerabilities : - An authentication bypass vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0625) - A directory traversal vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0629) - An unspecified information disclosure vulnerability exists that affects servers that have already been compromised. (CVE-2013-0631) - Authentication bypass vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0632) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66526 |
published | 2013-05-21 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66526 |
title | Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/121210/adobe_coldfusion_apsb13_03.rb.txt |
id | PACKETSTORM:121210 |
last seen | 2016-12-05 |
published | 2013-04-10 |
reporter | Jon Hart |
source | https://packetstormsecurity.com/files/121210/Adobe-ColdFusion-APSB13-03-Command-Execution.html |
title | Adobe ColdFusion APSB13-03 Command Execution |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:78621 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-78621 |
title | Adobe ColdFusion APSB13-03 Remote Exploit |
The Hacker News
id | THN:94E632EBA2F2F8E0EE29D17E71E3261A |
last seen | 2017-01-08 |
modified | 2013-11-13 |
published | 2013-11-13 |
reporter | Mohit Kumar |
source | http://thehackernews.com/2013/11/Adobe-Flash-ColdFusion-vulnerabilities-exploit-Hacker-News.html |
title | Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities |
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57165
- http://www.securityfocus.com/bid/57165