Adobe ColdFusion Multiple Vulnerabilities (APSA13-03)
Medium Nessus Plugin ID 66404
Synopsis
A web-based application running on the remote host is affected by multiple vulnerabilities.
Description
The version of Adobe ColdFusion running on the remote host is affected by the following vulnerabilities:
- A directory traversal vulnerability exists in /administrator/mail/download.cfm. A remote, authenticated attacker can exploit this issue to download arbitrary files.
- A local file include vulnerability exists in /adminapi/customtags/l10n.cfm. A remote, unauthenticated attacker can exploit this to execute local cfm files.
A remote, unauthenticated attacker can exploit both of these vulnerabilities, resulting in the download of arbitrary files as demonstrated in this plugin report.
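The following added example, which is not part of the Nessus plugin or of Adobe's bulletin, reviews web server access logs for requests to the two endpoints named above and marks those whose query string carries a traversal sequence. It assumes common/combined log format; the sample lines, the addresses and the parameter name `p` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Endpoints named in the plugin description, compared case-insensitively.
WATCHED = ("/administrator/mail/download.cfm", "/adminapi/customtags/l10n.cfm")
# Common/combined access log format (an assumption about the web server).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A ".." path segment after a separator, in either slash style.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/=&])\.\.(?:[\\/]|$)")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request that touches a watched endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        raw_path, _, raw_query = target.partition("?")
        path = re.sub(r"/+", "/", fully_decode(raw_path)).lower()
        # Matched anywhere in the path: the admin pages may sit under a prefix.
        hit = next((w for w in WATCHED if w in path), None)
        if hit is None:
            continue
        findings.append({
            "client": client, "endpoint": hit, "status": int(status),
            "traversal": bool(TRAVERSAL_RE.search(fully_decode(raw_query))),
        })
    return findings

# Constructed sample log lines (documentation addresses, placeholder parameter).
SAMPLE = [
    '198.51.100.7 - - [10/May/2013:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2013:10:01:05 +0000] "GET /adminapi/customtags/l10n.cfm?p=..%252f..%252fexample.cfm HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/May/2013:10:02:00 +0000] "GET /Administrator/Mail/download.cfm?p=report.txt HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any hit on these administrative endpoints from an address outside the management network is worth reviewing, whether or not the traversal flag is set.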
Solution
Apply the appropriate hotfix referenced in Adobe security bulletin APSB13-13.