ID CVE-2013-3336
Summary Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
References
Vulnerable Configurations
  • Adobe ColdFusion 9.0
    cpe:2.3:a:adobe:coldfusion:9.0
  • Adobe ColdFusion 9.0.1
    cpe:2.3:a:adobe:coldfusion:9.0.1
  • Adobe ColdFusion 9.0.2
    cpe:2.3:a:adobe:coldfusion:9.0.2
  • Adobe ColdFusion 10.0
    cpe:2.3:a:adobe:coldfusion:10.0
CVSS
Base: 5.0 (as of 09-05-2013 - 10:21)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
exploit-db via4
description ColdFusion 9-10 - Credential Disclosure Exploit. CVE-2013-3336. Webapps exploits for multiple platform
file exploits/multiple/webapps/25305.py
id EDB-ID:25305
last seen 2016-02-03
modified 2013-05-08
platform multiple
port
published 2013-05-08
reporter HTP
source https://www.exploit-db.com/download/25305/
title ColdFusion 9-10 - Credential Disclosure Exploit
type webapps
metasploit via4
description This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10. Use actions to select the target ColdFusion version.
id MSF:AUXILIARY/GATHER/COLDFUSION_PWD_PROPS
last seen 2019-03-23
modified 2018-07-12
published 2013-05-13
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/coldfusion_pwd_props.rb
title ColdFusion 'password.properties' Hash Extraction
nessus via4
NASL family CGI abuses
NASL id COLDFUSION_APSA13-03.NASL
description The version of Adobe ColdFusion running on the remote host is affected by the following vulnerabilities:
  • A directory traversal vulnerability exists in /administrator/mail/download.cfm. A remote, authenticated attacker can exploit this issue to download arbitrary files.
  • A local file include vulnerability exists in /adminapi/customtags/l10n.cfm. A remote, unauthenticated attacker can exploit this to execute local cfm files.
A remote, unauthenticated attacker can exploit both of these vulnerabilities, resulting in the download of arbitrary files as demonstrated in this plugin report.
last seen 2019-02-21
modified 2018-11-15
plugin id 66404
published 2013-05-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66404
title Adobe ColdFusion Multiple Vulnerabilities (APSA13-03)
refmap via4
confirm
exploit-db 25305
Last major update 06-11-2013 - 23:39
Published 09-05-2013 - 08:31