ColdFusion Flaws Patched

Thursday, January 17, 2013 @ 03:01 PM gHale


As promised, Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities actively exploited by attackers since the beginning of the New Year.

The company published a security advisory about the four vulnerabilities, identified as CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, Jan. 4 and said at the time that it was aware of these flaws undergoing exploits against users.

RELATED STORIES
Adobe Fixes Acrobat, Reader, Flash
Malware Targets Java HTTP Servers
Adobe Shockwave Vulnerabilities
Java, Flash Updates Slow

Two of the vulnerabilities allow attackers to bypass the normal authentication restrictions of a ColdFusion application server in order to gain administrative access. Another flaw allows unauthorized users to access restricted directories, while the fourth can result in information disclosure on a compromised ColdFusion server.

Adobe released hotfixes for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company recommends customers update their installations using the instructions provided in a help document for their respective product version.

Adobe classified these vulnerabilities as critical and assigned a priority rating of 1 — the highest available — to the released hotfixes.

Just last week, Adobe patched two vulnerabilities for Acrobat/Reader and Flash Player, while the company.



Leave a Reply

You must be logged in to post a comment.