ID CVE-2013-0625
Summary Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
References
Vulnerable Configurations
  • Adobe ColdFusion 9.0
    cpe:2.3:a:adobe:coldfusion:9.0
  • Adobe ColdFusion 9.0.1
    cpe:2.3:a:adobe:coldfusion:9.0.1
  • Adobe ColdFusion 9.0.2
    cpe:2.3:a:adobe:coldfusion:9.0.2
  • Adobe ColdFusion 10.0
    cpe:2.3:a:adobe:coldfusion:10.0
CVSS
Base: 6.8 (as of 09-01-2013 - 10:34)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description Adobe ColdFusion APSB13-03 - Remote Exploit. CVE-2013-0625,CVE-2013-0629,CVE-2013-0632. Remote exploits for multiple platform
id EDB-ID:24946
last seen 2016-02-03
modified 2013-04-10
published 2013-04-10
reporter metasploit
source https://www.exploit-db.com/download/24946/
title Adobe ColdFusion APSB13-03 - Remote Exploit
nessus via4
NASL family Windows
NASL id COLDFUSION_WIN_APSB13-03.NASL
description The version of Adobe ColdFusion running on the remote host is missing hotfixes that address the following vulnerabilities:
  - An authentication bypass vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0625)
  - A directory traversal vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0629)
  - An unspecified information disclosure vulnerability exists that affects servers that have already been compromised. (CVE-2013-0631)
  - Authentication bypass vulnerability exists that could allow an unauthorized user to gain administrative access. (CVE-2013-0632)
last seen 2019-02-21
modified 2018-11-15
plugin id 66526
published 2013-05-21
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66526
title Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check)
packetstorm via4
data source https://packetstormsecurity.com/files/download/121210/adobe_coldfusion_apsb13_03.rb.txt
id PACKETSTORM:121210
last seen 2016-12-05
published 2013-04-10
reporter Jon Hart
source https://packetstormsecurity.com/files/121210/Adobe-ColdFusion-APSB13-03-Command-Execution.html
title Adobe ColdFusion APSB13-03 Command Execution
refmap via4
bid 57164
confirm
the hacker news via4
id THN:94E632EBA2F2F8E0EE29D17E71E3261A
last seen 2017-01-08
modified 2013-11-13
published 2013-11-13
reporter Mohit Kumar
source http://thehackernews.com/2013/11/Adobe-Flash-ColdFusion-vulnerabilities-exploit-Hacker-News.html
title Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities
Last major update 17-01-2013 - 23:50
Published 08-01-2013 - 20:55