Vulnerability CVE-2013-0632


Published: 2013-01-16

Description:
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe ColdFusion APSB13-03 Remote Exploit
Jon Hart
10.04.2013
High
Adobe ColdFusion 9 Administrative Login Bypass
Scott Buckel
20.08.2013
High
Adobe ColdFusion 9/10 Administrative Login Bypass
Scott Buckel
11.12.2013

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Coldfusion 

 References:
http://www.exploit-db.com/exploits/30210
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html

Copyright 2020, cxsecurity.com

 

Back to Top