Adobe Releases Security Update for ColdFusion

["US-CERT" <US-CERT () public govdelivery com>]

US Computer Emergency Readiness Team banner graphic

National Cyber Awareness System:

Adobe Releases Security Update for ColdFusion [ 
https://www.us-cert.gov/ncas/current-activity/2013/05/09/Adobe-Releases-Security-Advisory-ColdFusion ] 05/09/2013 09:52 
AM EDT 
Original release date: May 09, 2013 | Last revised: May 14, 2013

Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This 
hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a 
vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. 
There are reports that this vulnerability is being exploited in the wild.

US-CERT recommends that users and administrators review Adobe Security Advisory APSA13-03 [ 
http://www.adobe.com/support/security/advisories/apsa13-03.html ] and Adobe Security Bulletin APSB13-13 [ 
http://www.adobe.com/support/security/bulletins/apsb13-13.html ] and follow best-practice security policies to 
determine if their organization is affected and the appropriate response.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]