Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server. There are reports that an exploit of this vulnerability is publicly available.
US-CERT recommends users and administrators review Adobe Security Advisory APSA13-03. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk of exposure to this issue.
US-CERT will provide additional information as it becomes available.
This product is provided subject to this Notification and this Privacy & Use policy.