| Adobe is recommending ColdFusion users apply a series of mitigations to counter active exploits against vulnerabilities in the application server. An advisory was released late Friday night that the trio of flaws are being targeted by attackers, and that the company would not have a patch available for another week.
“We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013,” the advisory said.
Two of the vulnerabilities affect ColdFusion 10, 9.0.2, 9.0.1 and 9.0. The first, CVE-2013-0625, could enable an attacker to bypass authentication in place and remotely control a ColdFusion server. CVE-2013-0629, could allow an attacker to access restricted directories on a vulnerable server.
The third vulnerability, CVE-2013-0631, affects versions 9.0.2, 9.0.1 and 9.0 and could lead to a data leak.
“Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled, or have no password set,” Adobe said in its advisory.
All of the vulnerabilities were given Adobe’s most critical rating. Read More .. |
Thank you for providing such useful information. I've been having trouble coming up with many questions about this topic. I'll stick with you slope
<h1>TCMT Insert</h1> For your CCGT Inserts
next business need or special project, Estool is your to-go RCGT Inserts
manufacturer in China. We offer the best-quality cutting inserts Carbide Milling Inserts
Carbide Inserts
ideal for WNMG Inserts
Cermet Inserts
any Threading Insert
application.