Web Attack: Coldfusion Unauthorized Download CVE-2013-3336

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an unauthorized file retrieval vulnerability in Adobe ColdFusion.

Additional Information

Adobe ColdFusion is an application for developing websites; it is available for various operating systems.

The application is prone to an information-disclosure vulnerability. This issue occurs because of an error related to restricting access to the 'CFIDE/administrator', 'CFIDE/adminapi' and 'CFIDE/gettingstarted' directories.

Attackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks.
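
As an added example (not part of the original signature page or Symantec's detection logic), the following script reviews web server access logs for requests to the three directories named above that come from outside an administrative network. The log format (Combined Log Format), the ADMIN_NETS ranges and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Directories named in the signature description, lowercased for matching.
RESTRICTED = ("/cfide/administrator", "/cfide/adminapi", "/cfide/gettingstarted")
# Assumption: networks permitted to reach the admin directories.
ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Combined Log Format: client address, method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize(target):
    """Drop the query, percent-decode once, resolve dot segments, lowercase."""
    parts = []
    for seg in unquote(target.split("?", 1)[0]).replace("\\", "/").split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts).lower()

def from_admin_net(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostnames or malformed values are treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def flag(lines):
    """Return (client, method, path, status) for untrusted hits on RESTRICTED."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path = normalize(target)
        restricted = any(path == d or path.startswith(d + "/") for d in RESTRICTED)
        if restricted and not from_admin_net(client):
            hits.append((client, method, path, int(status)))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/May/2013:10:00:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/May/2013:10:00:05 +0000] "GET /cfide//AdminAPI/ HTTP/1.1" 403 0',
    '10.1.2.3 - - [10/May/2013:10:01:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2013:10:02:00 +0000] "GET /CFIDE/scripts/cfform.js HTTP/1.1" 200 900',
]
```

Calling flag(SAMPLE) returns the first two entries only. A flagged request answered with status 200 deserves closer review than one answered with 403, since a 403 indicates the server refused access.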

Affected

  • Adobe ColdFusion 9.0.1
  • Adobe ColdFusion 9.0