cvelistv5 - CVE-2013-3336

CVE-2013-3336 (GCVE-0-2013-3336)

Vulnerability from cvelistv5

Published

2013-05-09 10:00

Modified

2024-08-06 16:07

Severity ?

CWE

Summary

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

References

URL

Tags

psirt@adobe.com	http://www.adobe.com/support/security/advisories/apsa13-03.html	Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb13-13.html
psirt@adobe.com	http://www.exploit-db.com/exploits/25305
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa13-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb13-13.html
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/25305

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25305",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/25305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-05-29T09:00:00",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "25305",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/25305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2013-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25305",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/25305"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa13-03.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb13-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2013-3336",
    "datePublished": "2013-05-09T10:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3336\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2013-05-09T12:31:19.857\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad sin especificar en Adobe ColFusion v9.0, v9.0.1, v9.0.2, y v10 que permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113431FB-E4BE-4416-800C-6B13AD1C0E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FBC38B4-D957-4645-BA96-E99975271482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD9AAAA5-231A-43BE-AD00-0918F0C9F90C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FAE2BA4-7CD9-4CBD-9D77-56D591FBDB24\"}]}]}],\"references\":[{\"url\":\"http://www.adobe.com/support/security/advisories/apsa13-03.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb13-13.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.exploit-db.com/exploits/25305\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/advisories/apsa13-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb13-13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/25305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Per http://www.adobe.com/support/security/advisories/apsa13-03.html\\r\\n\\\"Affected software versionsColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX\\\"\\r\\n\\r\\n\"}}"
  }
}

ghsa-h3v4-8w95-f7j6

Vulnerability from github

Published

2022-05-17 04:58

Modified

2022-05-17 04:58

Details

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3336"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-05-09T12:31:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.",
  "id": "GHSA-h3v4-8w95-f7j6",
  "modified": "2022-05-17T04:58:29Z",
  "published": "2022-05-17T04:58:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3336"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/25305"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans Adobe ColdFusion. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	ColdFusion	Adobe ColdFusion 10
Adobe	ColdFusion	Adobe ColdFusion 9.0.2
Adobe	ColdFusion	Adobe ColdFusion 9.0.1
Adobe	ColdFusion	Adobe ColdFusion 9.0

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb13-13 du 14 mai 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe ColdFusion 10",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe ColdFusion 9.0.2",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe ColdFusion 9.0.1",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe ColdFusion 9.0",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1389"
    },
    {
      "name": "CVE-2013-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3336"
    }
  ],
  "initial_release_date": "2013-05-15T00:00:00",
  "last_revision_date": "2013-05-15T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-312",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe ColdFusion\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe ColdFusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb13-13 du 14 mai 2013",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
    }
  ]
}

fkie_cve-2013-3336

Vulnerability from fkie_nvd

Published

2013-05-09 12:31

Modified

2025-04-11 00:51

Severity ?

Summary

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

References

URL	Tags
psirt@adobe.com	http://www.adobe.com/support/security/advisories/apsa13-03.html	Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb13-13.html
psirt@adobe.com	http://www.exploit-db.com/exploits/25305
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa13-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb13-13.html
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/25305

Impacted products

Vendor	Product	Version
adobe	coldfusion	9.0
adobe	coldfusion	9.0.1
adobe	coldfusion	9.0.2
adobe	coldfusion	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FBC38B4-D957-4645-BA96-E99975271482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9AAAA5-231A-43BE-AD00-0918F0C9F90C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FAE2BA4-7CD9-4CBD-9D77-56D591FBDB24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Adobe ColFusion v9.0, v9.0.1, v9.0.2, y v10 que permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores sin especificar."
    }
  ],
  "evaluatorImpact": "Per http://www.adobe.com/support/security/advisories/apsa13-03.html\r\n\"Affected software versionsColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX\"\r\n\r\n",
  "id": "CVE-2013-3336",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-09T12:31:19.857",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.exploit-db.com/exploits/25305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/25305"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2013-ALE-004

Vulnerability from certfr_alerte

Une vulnérabilité a été découverte dans Adobe ColdFusion. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Cette vulnérabilité est activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	ColdFusion	ColdFusion 10
Adobe	ColdFusion	ColdFusion 9.0.2
Adobe	ColdFusion	ColdFusion 9.0
Adobe	ColdFusion	ColdFusion 9.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSA13-03	2013-05-08	vendor-advisory
Avis de sécurité CERTA-2013-AVI-312	-	other
Guide de durcissement Adobe ColdFusion 10:	-	other
Guide de durcissement Adobe ColdFusion 9:	-	other
Bulletin de sécurité Adobe APSB13-13 du 14 mai 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ColdFusion 10",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 9.0.2",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 9.0",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "ColdFusion 9.0.1",
      "product": {
        "name": "ColdFusion",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2013-05-15",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3336"
    }
  ],
  "initial_release_date": "2013-05-10T00:00:00",
  "last_revision_date": "2013-05-15T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 CERTA-2013-AVI-312",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-312/"
    },
    {
      "title": "Guide de durcissement Adobe ColdFusion 10:",
      "url": "http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf"
    },
    {
      "title": "Guide de durcissement Adobe ColdFusion 9:",
      "url": "http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB13-13 du 14 mai 2013",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
    }
  ],
  "reference": "CERTA-2013-ALE-004",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2013-05-10T00:00:00.000000"
    },
    {
      "description": "fermeture de l\u0027alerte, suite \u00e0 la diffusion du correctif par l\u0027\u00e9diteur.",
      "revision_date": "2013-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eAdobe\nColdFusion\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nCette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe ColdFusion",
  "vendor_advisories": [
    {
      "published_at": "2013-05-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSA13-03",
      "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
    }
  ]
}

var-201305-0209

Vulnerability from variot

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. Adobe ColdFusion is a dynamic web server product of Adobe (Adobe) in the United States, and the CFML (ColdFusion Markup Language) it runs is a programming language for web applications

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201305-0209",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "coldfusion",
        "scope": "eq",
        "trust": 2.8,
        "vendor": "adobe",
        "version": "9.0"
      },
      {
        "model": "coldfusion",
        "scope": "eq",
        "trust": 2.8,
        "vendor": "adobe",
        "version": "9.0.1"
      },
      {
        "model": "coldfusion",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "adobe",
        "version": "9.0.2"
      },
      {
        "model": "coldfusion",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "adobe",
        "version": "10.0"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "BID",
        "id": "59773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:adobe:coldfusion",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marcin Siedlarz of Symantec Security Response",
    "sources": [
      {
        "db": "BID",
        "id": "59773"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-3336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-3336",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-63338",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3336",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3336",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-206",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63338",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-3336",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. Adobe ColdFusion is a dynamic web server product of Adobe (Adobe) in the United States, and the CFML (ColdFusion Markup Language) it runs is a programming language for web applications",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "BID",
        "id": "59773"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-63338",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=25305",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3336",
        "trust": 2.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "25305",
        "trust": 1.2
      },
      {
        "db": "USCERT",
        "id": "TA15-119A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "59773",
        "trust": 0.4
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-78970",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-63338",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "BID",
        "id": "59773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "id": "VAR-201305-0209",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:16:36.461000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ColdFusion Security Hotfix APSB13-13",
        "trust": 0.8,
        "url": "https://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html"
      },
      {
        "title": "APSA13-03",
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
      },
      {
        "title": "APSB13-13",
        "trust": 0.8,
        "url": "https://www.adobe.com/support/security/bulletins/apsb13-13.html"
      },
      {
        "title": "APSB13-13 (cq05140117)",
        "trust": 0.8,
        "url": "https://helpx.adobe.com/jp/coldfusion/kb/cq05140117.html"
      },
      {
        "title": "APSA13-03",
        "trust": 0.8,
        "url": "http://helpx.adobe.com/jp/coldfusion/kb/cq05081955.html?sdid=ISBTR"
      },
      {
        "title": "jok3r",
        "trust": 0.1,
        "url": "https://github.com/koutto/jok3r "
      },
      {
        "title": "jok3r",
        "trust": 0.1,
        "url": "https://github.com/84KaliPleXon3/jok3r "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/adobe-patches-coldfusion-flash-reader-vulnerabilities/100628/"
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2013/05/10/ms_ie8_0day_fix_due_tuesday/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.exploit-db.com/exploits/25305"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3336"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/ta/jvnta99041988/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3336"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ncas/alerts/ta15-119a"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com/products/coldfusion/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/adobe-apsb13-13-cve-2013-3336"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/25305/"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/auxiliary/gather/coldfusion_pwd_props"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "BID",
        "id": "59773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "db": "BID",
        "id": "59773"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "date": "2013-05-08T00:00:00",
        "db": "BID",
        "id": "59773"
      },
      {
        "date": "2013-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "date": "2013-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "date": "2013-05-09T12:31:19.857000",
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63338"
      },
      {
        "date": "2013-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3336"
      },
      {
        "date": "2014-08-01T00:32:00",
        "db": "BID",
        "id": "59773"
      },
      {
        "date": "2015-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      },
      {
        "date": "2013-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      },
      {
        "date": "2024-11-21T01:53:25.493000",
        "db": "NVD",
        "id": "CVE-2013-3336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adobe ColdFusion Vulnerable to reading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002608"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-206"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-3336

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.

Aliases

CVE-2013-3336

Aliases

CVE-2013-3336

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3336",
    "description": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.",
    "id": "GSD-2013-3336"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3336"
      ],
      "details": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.",
      "id": "GSD-2013-3336",
      "modified": "2023-12-13T01:22:23.144751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2013-3336",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25305",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/25305"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa13-03.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb13-13.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2013-3336"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa13-03.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/advisories/apsa13-03.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb13-13.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb13-13.html"
            },
            {
              "name": "25305",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/25305"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-11-07T04:39Z",
      "publishedDate": "2013-05-09T12:31Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-3336 (GCVE-0-2013-3336)

Vulnerability from cvelistv5

ghsa-h3v4-8w95-f7j6

Vulnerability from github

CERTA-2013-AVI-312

Vulnerability from certfr_avis

Solution

fkie_cve-2013-3336

Vulnerability from fkie_nvd

CERTA-2013-ALE-004

Vulnerability from certfr_alerte

Solution

var-201305-0209

Vulnerability from variot

gsd-2013-3336

Vulnerability from gsd

Tags

Sightings

Nomenclature