Thursday, January 10, 2013

In Adobe ColdFusion found three zero-day vulnerabilities

Manufacturer to produce official fixes January 15, 2013

Adobe has warned users that its ColdFusion server solution contains three vulnerabilities that are actively exploited by hackers. Vulnerable are the solutions ColdFusion versions 9.0, 9.0.1, 9.0.2, and 10 for all supported operating systems.

One of the vulnerabilities could allow an attacker to take complete control over the system, bypassing the remote authentication system. Two more can be exploited to gain access to certain items and reveal important information.

According to the manufacturer, the vulnerability can be proekspluatirovany only if the system is enabled password protection functionality, or if the password is set. Official release of the security update is scheduled for January 15, 2013.

A detailed description of vulnerabilities can be found at:

No comments:

Post a Comment