{"vuid":"VU#113732","idnumber":"113732","name":"Adobe ColdFusion 9 & 10 code injection vulnerability","keywords":["CWE-434","coldfusion","code injection"],"overview":"Adobe ColdFusion 9, 9.0.1, 9.0.2 with the APSB13-03 hotfix and 10 are vulnerable to a code injection vulnerability when ColdFusion is configured to not require authentication and RDS is disabled.","clean_desc":"Adobe ColdFusion is vulnerable to a code injection attack when RDS is disabled and ColdFusion is configured to not require authentication. Adobe has released security bulletin APSB13-13 with more details regarding this vulnerability.","impact":"A remote unauthenticated attacker may be able to upload a malicious .cfm file to the server and have it executed.","resolution":"Apply an Update Adobe has released ColdFusion security hotfix APSB13-13 to address this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to Tenable Network Security for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.adobe.com/support/security/bulletins/apsb13-13.html","http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html","http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html","http://www.adobe.com/support/security/bulletins/apsb13-03.html","http://cwe.mitre.org/data/definitions/434.html"],"cveids":["CVE-2013-1389"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-02-18T15:16:34Z","publicdate":"2013-05-14T00:00:00Z","datefirstpublished":"2013-05-14T17:32:17Z","dateupdated":"2013-05-14T17:32:17Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.8","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:N","cvss_temporalscore":"7.7","cvss_environmentalscore":"5.8","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}