Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
References
Link | Resource |
---|---|
http://www.adobe.com/support/security/advisories/apsa13-01.html | Vendor Advisory |
http://www.adobe.com/support/security/bulletins/apsb13-03.html | Not Applicable |
http://www.securityfocus.com/bid/57164 | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Jul 2024, 17:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* |
|
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 9.8 |
First Time |
Apple
Apple mac Os X Opengroup Opengroup unix Microsoft Microsoft windows |
|
References | () http://www.adobe.com/support/security/bulletins/apsb13-03.html - Not Applicable | |
References | () http://www.securityfocus.com/bid/57164 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2013-01-09 01:55
Updated : 2024-07-16 17:45
NVD link : CVE-2013-0625
Mitre link : CVE-2013-0625
CVE.ORG link : CVE-2013-0625
JSON object : View
Products Affected
microsoft
- windows
adobe
- coldfusion
apple
- mac_os_x
opengroup
- unix
CWE
CWE-287
Improper Authentication