Web Attack: Adobe ColdFusion CVE-2013-0632

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an authentication-bypass vulnerability in Adobe ColdFusion that could allow an attacker to take control of the affected system.

Additional Information

Adobe ColdFusion is an application for developing websites; it is available for various operating systems.

The application is prone to a remote authentication-bypass vulnerability. Specifically, the issue occurs because the application fails to properly check the 'rdsPasswordAllowed' field when accessing the Administrator API CFC that is used for logging in.

An attacker can exploit this issue to bypass the authentication process and potentially take control of the affected system.

Note: This issue affects ColdFusion customers who do not have password protection enabled or do not have a password set.

Affected

  • Adobe ColdFusion 9.0, 9.0.1, 9.0.2 and 10.