We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Adobe patches actively exploited ColdFusion vulnerabilities

Adobe patches actively exploited ColdFusion vulnerabilities

Hotfixes were released for different ColdFusion versions

Article comments

Adobe released security patches for its ColdFusion application server yesterday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January.

The company published a security advisory about the four vulnerabilities, identified as CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, on January 4 and said at the time that it was aware of these flaws being exploited in attacks against its customers.

Two of the vulnerabilities allows attackers to bypass the normal authentication restrictions of a ColdFusion application server in order to gain administrative access. Another flaw allows unauthorised users to access restricted directories, while the fourth can result in information disclosure on a compromised ColdFusion server.

Yesterday, Adobe released hotfixes for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company recommends that customers update their installations using the instructions provided in a help document for their respective product version.

Adobe classified these vulnerabilities as critical and assigned a priority rating of 1 - the highest available - to the released hotfixes.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *