Security Alert – ColdFusion Servers at Risk | Optiv

May 10, 2013

On May 8, 2013, Adobe released a security advisory for a critical vulnerability that affects ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh and UNIX environments. The vulnerability permits an unauthorized user to remotely retrieve files stored on the server.

Adobe advises that an exploit is publicly available and that the vulnerability may be under active exploitation. As a mitigation, Adobe recommends restricting public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted* directories. Details on how to apply these restrictions, if they are not already in place, can be found in the Adobe advisory.

According to the advisory, Adobe anticipates that an update will be available by May 14, 2013.

Adobe ColdFusion Advisory (https://www.adobe.com/support/security/advisories/apsa13-03.html) – CVE-2013-3336
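
To check whether the recommended restriction is actually in effect, the following added example (not part of Adobe's advisory or the original alert) audits web access logs for requests to the three CFIDE locations from outside trusted networks and reports whether the server answered them. The combined-style log format, the trusted networks, the reading of the trailing `*` as a prefix wildcard and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Directories named in the advisory; trailing "*" read as a prefix wildcard (assumption).
RESTRICTED = re.compile(
    r"^/CFIDE/(administrator|adminapi|gettingstarted[^/]*)(/|$)", re.IGNORECASE)
# Assumption: Apache/NGINX "combined"-style access log lines.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: networks allowed to reach the admin directories (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def normalize(target):
    """Drop the query string, decode %XX escapes and collapse ./, ../ and //."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(ip in net for net in TRUSTED_NETS)

def audit(lines):
    """Return one finding per untrusted request to a restricted directory."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or is_trusted(m["ip"]):
            continue
        path = normalize(m["target"])
        if RESTRICTED.match(path):
            # A status below 400 means the server answered: restriction not in effect.
            findings.append({"ip": m["ip"], "path": path,
                             "reachable": int(m["status"]) < 400})
    return findings

SAMPLE = [  # constructed log lines; file names are placeholders
    '203.0.113.5 - - [10/May/2013:10:00:00 +0000] "GET /CFIDE/administrator/placeholder.cfm HTTP/1.1" 200 5120',
    '10.1.2.3 - - [10/May/2013:10:00:05 +0000] "GET /CFIDE/administrator/placeholder.cfm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/May/2013:10:01:00 +0000] "POST /cfide/%61dminapi/placeholder.cfm HTTP/1.1" 403 210',
    '198.51.100.7 - - [10/May/2013:10:02:00 +0000] "GET /app/../CFIDE/gettingstarted_old/ HTTP/1.1" 200 900',
    '203.0.113.5 - - [10/May/2013:10:03:00 +0000] "GET /index.cfm HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Findings with `reachable` set to true indicate that an untrusted client received a response from a directory that should be restricted; findings with it false show the restriction blocking the request.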
