CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-0625

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score84.8040%
EPSS Percentile88.47th
Published2013年1月9日
Last Modified2026年4月21日

Vulnerability Description

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

Affected Platforms (CPE)

📦
Adobe

Coldfusion

= 9.0
📦
Adobe

Coldfusion

= 9.0.1
📦
Adobe

Coldfusion

= 9.0.2

References & Advisories

🔗 http://www.adobe.com/support/security/advisories/apsa13-01.html
🔗 http://www.adobe.com/support/security/bulletins/apsb13-03.html
🔗 http://www.securityfocus.com/bid/57164
🔗 http://www.adobe.com/support/security/advisories/apsa13-01.html
🔗 http://www.adobe.com/support/security/bulletins/apsb13-03.html
🔗 http://www.securityfocus.com/bid/57164
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625

関連する脆弱性情報

CVE-2001-151410.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly...

CVE-2010-529010.0

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash...

CVE-1999-076010.0

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional p...

CVE-2013-138910.0

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before U...