Adobe ColdFusion exploit spreading

Share this article:

An exploit targeting a critical vulnerability in Adobe's ColdFusion application servers has been identified, according to a security advisory. Versions running on Windows, Macintosh and UNIX are affected.

The vulnerability (CVE-2013-3336) would allow an intruder to remotely siphon any files stored on the server. Adobe recommends users should restrict public access to administrator directors and reference ColdFusion best practices.

Adobe expects to resolve the issue with a “hotfix”, to be released Tuesday, the next scheduled update. This announcement comes on the heels of a “low-severity” issue in Reader and Acrobat that would allow someone to track a PDF document.

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization. Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions