Adobe patches actively exploited ColdFusion vulnerabilities
- 16 January, 2013 12:49
Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January.
The company published a security advisory about the four vulnerabilities, identified as CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, on Jan. 4 and said at the time that it was aware of these flaws being exploited in attacks against its customers.
Two of the vulnerabilities allows attackers to bypass the normal authentication restrictions of a ColdFusion application server in order to gain administrative access. Another flaw allows unauthorized users to access restricted directories, while the fourth can result in information disclosure on a compromised ColdFusion server.
On Tuesday, Adobe released hotfixes for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company recommends that customers update their installations using the instructions provided in a help document for their respective product version.
Adobe classified these vulnerabilities as critical and assigned a priority rating of 1 -- the highest available -- to the released hotfixes.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Key Factors in Modernising Backup and Recovery
- Power of Three: Building Mobile Initiatives Guided by Business Goals, Technology and Governance
- How Web Security Improves Productivity and Compliance
- Top Five Reasons Why Customers Deploy a Flash 1st Strategy on EMC VNX Storage
- Data Centre Physical Infrastructure: Optimising Business Value
Opposition calls for inquiry on 457 visas
Best Places spotlight: Jack Henry offers a high-energy workplace
Rackspace Australia launches hybrid cloud service
IoT: Aussies prepare to ship Wi-Fi connected lightbulbs
Microsoft sticks it to the iPad with Windows-first Office strategy