Adobe patches actively exploited ColdFusion vulnerabilities

Hotfixes were released for different ColdFusion versions

Lucian Constantin (IDG News Service)
16 January, 2013 12:49
Comments

Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January.

The company published a security advisory about the four vulnerabilities, identified as CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, on Jan. 4 and said at the time that it was aware of these flaws being exploited in attacks against its customers.

Two of the vulnerabilities allows attackers to bypass the normal authentication restrictions of a ColdFusion application server in order to gain administrative access. Another flaw allows unauthorized users to access restricted directories, while the fourth can result in information disclosure on a compromised ColdFusion server.

On Tuesday, Adobe released hotfixes for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company recommends that customers update their installations using the instructions provided in a help document for their respective product version.

Adobe classified these vulnerabilities as critical and assigned a priority rating of 1 -- the highest available -- to the released hotfixes.

"every IT worker should be voting for Labor based on this article. ..."

Opposition calls for inquiry on 457 visas
"ROFL!!!!!"

Best Places spotlight: Jack Henry offers a high-energy workplace
"We made a price cheat sheet for them, makes it much easier ..."

Rackspace Australia launches hybrid cloud service
"You are one of the reasons IP addresses are blocked on most ..."

IoT: Aussies prepare to ship Wi-Fi connected lightbulbs
"firstly that article was way longer then was warranted. Secondly iPhone/iPad is ..."

Microsoft sticks it to the iPad with Windows-first Office strategy

Tags: patches, security, adobe, Exploits / vulnerabilities

Whitepapers

All whitepapers

Most Read

Sign up now to get free exclusive access to reports, research and invitation only events.

Most Commented

Featured Whitepapers

Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery

The transformation of computing through mobility, consumerisation, bring-your-own device (BYOD) and flex-work offers powerful benefits for today’s organisations - but it poses significant challenges for IT. The first response of many IT organisations to the influx of consumer-grade and employee-owned mobile devices has been to lock down and control every mobile device in the enterprise through mobile device management (MDM) solutions. Find out why Citrix enterprise mobility management is the best approach.

Featured Download

UltraISO

UltraISO is an ISO CD/DVD image file tool that creates, edits and converts. It is also a bootable CD/DVD maker that has the ability to ...

Zones

Most Popular Whitepapers

The Business Case for Better Disaster Recovery

With many backup and recovery strategies not keeping up with rampant data growth and increasing migration to virtual environments, many in-house IT budgets are stretched to breaking point. This whitepaper outlines the best practice in delivering a backup strategy that is efficient, effective and affordable. Click to download!

Popular tags: Business Management, Security, Storage, Data Centre, Virtualisation

Latest Jobs

FTPeoplesoft CRM DeveloperWA
FTTechnical Business AnalystNSW
FTPeoplesoft CRM DeveloperWA
FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTFlash / ActionScript Developer - ContractNSW
FTFlash / ActionScript Developer - ContractNSW
FTApplication Support ConsultantNSW
FTWeb Analyst - WebTrendsVIC
FTInvestment System Support ConsultantNSW
FTFlash / ActionScript Developer - ContractNSW
FTJunior Financial System Support ConsultantNSW

Market Place

Adobe patches actively exploited ColdFusion vulnerabilities

Recommended

Seeing through Google’s rose coloured glass darkly

How fast is Vodafone 4G?

Social data tool reveals value of an individual ...

New MacBook Air still stymies repairs, upgrades

IoT: Aussies prepare to ship Wi-Fi connected lightbulbs

UPDATED: 4G in Australia: The state of the nation

iPhone 6 rumour rollup for the week ending June 14

How to format an IT resumé

Will Netflix come to Australia?

NBN Co should take asbestos responsibility: analyst

Vodafone to shutdown 3 brand in August

ASIC has used s313 10 times to block websites

Conroy launches new digital strategy; reviews startup barriers

NextDC signs new customer for five years

Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery

Benefits of Deploying Microsoft Exchange Server 2010 on Dell Compellent with Data Progression

Governance For All - Empowering IT and Business Content Owners

Top 10 tips for Migration

UltraISO

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

The Business Case for Better Disaster Recovery

EMC's Flash Strategy

Best Practices to Make BYOD Simple and Secure

McAfee Complete Endpoint Protection - Enterprise

Business Continuity Planning IT Survival Guide

Computerworld newsletter

Don't have an account?

Adobe patches actively exploited ColdFusion vulnerabilities

Recommended

Computerworld newsletter