Security Alert – ColdFusion Servers at Risk

By gTIC

On May 8, 2013, Adobe released a security advisory for a critical vulnerability that affects ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh and UNIX environments. The vulnerability permits an unauthorized user to remotely retrieve files stored on the server.

Adobe advises that an exploit is publicly available and that the vulnerability may be under active exploitation. As a mitigation, Adobe recommends restricting public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted* directories. Details on how to perform the mitigation steps, if they are not already in place, may be found in the Adobe advisory.
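One way to confirm the restriction is holding is to review web server access logs for requests to those directories from outside trusted networks. The script below is an added example, not part of the Adobe advisory or the original alert; the log format (NCSA common/combined), the trusted ranges and the sample lines are assumptions.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Directories the advisory says to restrict ("gettingstarted*" is read as a prefix).
EXACT_DIRS = ("/cfide/administrator", "/cfide/adminapi")
PREFIX = "/cfide/gettingstarted"
# Assumption: ranges allowed to reach the admin paths; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Assumption: NCSA common/combined access log format.
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def is_restricted(target):
    """True if the request path falls under a directory named in the advisory."""
    path = unquote(target.split("?", 1)[0]).lower()  # decode %xx, ignore case
    path = posixpath.normpath(re.sub(r"/+", "/", path))  # fold // and ../
    in_dir = any(path == d or path.startswith(d + "/") for d in EXACT_DIRS)
    return in_dir or path.startswith(PREFIX)

def is_trusted(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or malformed field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def external_hits(lines):
    """Return (host, target, status) for restricted-path requests from untrusted hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_restricted(m["target"]) and not is_trusted(m["host"]):
            hits.append((m["host"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges, made-up requests).
SAMPLE = [
    '203.0.113.7 - - [09/May/2013:10:01:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '10.1.2.3 - - [09/May/2013:10:02:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/May/2013:10:03:10 +0000] "POST /cfide/adminapi/example.cfc HTTP/1.1" 200 310',
    '198.51.100.9 - - [09/May/2013:10:03:40 +0000] "GET /CFIDE//%61dministrator/ HTTP/1.1" 403 199',
    '203.0.113.7 - - [09/May/2013:10:04:00 +0000] "GET /CFIDE/scripts/cfform.js HTTP/1.1" 200 900',
    '203.0.113.7 - - [09/May/2013:10:05:00 +0000] "GET /CFIDE/gettingstarted/index.cfm HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for host, target, status in external_hits(SAMPLE):
        note = "served" if status < 400 else "blocked"
        print(f"{host} {target} -> {status} ({note})")
```

Any hit with a status below 400 means the directory was served to an untrusted address and the restriction is not in effect for that path.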

According to the advisory, Adobe anticipates that an update will be available by May 14, 2013.

Adobe ColdFusion Advisory (https://www.adobe.com/support/security/advisories/apsa13-03.html) – CVE-2013-3336