Vulnerability Description
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Coldfusion | 9.0 |
Related Weaknesses (CWE)
References
- http://www.adobe.com/support/security/advisories/apsa13-01.htmlMitigationVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb13-03.htmlBroken LinkVendor Advisory
- http://www.exploit-db.com/exploits/30210ExploitThird Party AdvisoryVDB Entry
- http://www.adobe.com/support/security/advisories/apsa13-01.htmlMitigationVendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb13-03.htmlBroken LinkVendor Advisory
- http://www.exploit-db.com/exploits/30210ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-US Government Resource
FAQ
What is CVE-2013-0632?
CVE-2013-0632 is a vulnerability with a CVSS score of 9.8 (CRITICAL). administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the defaul...
How severe is CVE-2013-0632?
CVE-2013-0632 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2013-0632?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Coldfusion.