CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-3350

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile26.51th
Published2013年7月10日
Last Modified2026年4月29日

Vulnerability Description

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

Affected Platforms (CPE)

📦
Adobe

Coldfusion

= 10.0
📦
Adobe

Coldfusion

= 10.0
📦
Adobe

Coldfusion

= 10.0
📦
Adobe

Coldfusion

= 10.0
📦
Adobe

Coldfusion

= 10.0
📦
Adobe

Coldfusion

= 10.0

References & Advisories

🔗 http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h
🔗 http://www.adobe.com/support/security/bulletins/apsb13-19.html
🔗 http://www.securitytracker.com/id/1028757
🔗 http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h
🔗 http://www.adobe.com/support/security/bulletins/apsb13-19.html
🔗 http://www.securitytracker.com/id/1028757

相關漏洞威脅

CVE-2001-151410.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly...

CVE-2010-529010.0

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash...

CVE-1999-076010.0

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional p...

CVE-2013-138910.0

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before U...