CVE-2013-0629

CVSS 7.5 HIGH · EPSS 65.9% · KEV
In short

Adobe ColdFusion versions 9.0 through 10 can be accessed without proper authentication when no password is set, allowing attackers to view and manipulate restricted directories and sensitive data.

Technical detail

ColdFusion 9.0, 9.0.1, 9.0.2, and 10 fail to enforce authentication on restricted directories when an administrator password is not configured, enabling unauthenticated directory traversal and access to sensitive resources. This vulnerability was actively exploited in the wild during January 2013.

Summary generated and translated by AI from the official description.
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a