Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Adobe ColdFusion running on the remote host is missing
hotfixes that address the following vulnerabilities :

- An authentication bypass vulnerability exists that could
allow an unauthorized user to gain administrative
access. (CVE-2013-0625)

- A directory traversal vulnerability exists that could
allow an unauthorized user to gain administrative
access. (CVE-2013-0629)

- An unspecified information disclosure vulnerability
exists that affects servers that have already been
compromised. (CVE-2013-0631)

- An authentication bypass vulnerability exists that could
allow an unauthorized user to gain administrative
access. (CVE-2013-0632)

See also :

http://forums.adobe.com/message/4962104
http://www.nessus.org/u?832b0298
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.nessus.org/u?d7a32ae4

Solution :

Apply the appropriate hotfixes referenced in Adobe security bulletin
APSB13-03.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66526

Bugtraq ID: 57164, 57165, 57166, 57330

CVE ID: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
