Vulnerability Details CVE-2013-0629
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.81
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
Proposed Action
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Ransomware Campaign
Unknown
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57165
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57165
Products affected by CVE-2013-0629
-
cpe:2.3:a:adobe:coldfusion:10.0
-
cpe:2.3:a:adobe:coldfusion:9.0
-
cpe:2.3:a:adobe:coldfusion:9.0.1
-
cpe:2.3:a:adobe:coldfusion:9.0.2
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:opengroup:unix:-