administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2013-01-17T00:00:00
Updated: 2024-08-06T14:33:05.651Z
Reserved: 2012-12-18T00:00:00
Link: CVE-2013-0632
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-01-17T00:55:01.200
Modified: 2024-12-20T14:29:50.157
Link: CVE-2013-0632
Redhat
No data.