Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2013-0632 | First vendor Publication | 2013-01-16 |
| Vendor | Cve | Last vendor Modification | 2025-02-13 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0632 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-276 | Incorrect Default Permissions |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-08-21 | Adobe ColdFusion 9 Administrative Login Bypass |
| 2013-04-10 | Adobe ColdFusion APSB13-03 Remote Exploit |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-11-03 | Adobe ColdFusion RDS admin bypass attempt RuleID : 40323 - Revision : 2 - Type : SERVER-OTHER |
| 2014-01-10 | Adobe ColdFusion component browser access attempt RuleID : 25977 - Revision : 3 - Type : POLICY-OTHER |
| 2014-01-10 | Adobe ColdFusion admin API access attempt RuleID : 25976 - Revision : 3 - Type : POLICY-OTHER |
| 2014-01-10 | Adobe ColdFusion admin interface access attempt RuleID : 25975 - Revision : 3 - Type : POLICY-OTHER |
Metasploit Database
| id | Description |
|---|---|
| 2013-08-08 | Adobe ColdFusion 9 Administrative Login Bypass |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-05-21 | Name : A web-based application running on the remote Windows host is affected by mul... File : coldfusion_win_apsb13-03.nasl - Type : ACT_GATHER_INFO |
| 2013-02-19 | Name : A web management interface running on the remote host is affected by an authe... File : coldfusion_apsb13-03_auth_bypass.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2025-02-13 21:22:21 |
|
| 2025-02-05 00:21:47 |
|
| 2024-12-20 17:21:05 |
|
| 2024-11-28 12:33:15 |
|
| 2024-08-02 12:22:26 |
|
| 2024-08-02 01:06:36 |
|
| 2024-07-16 21:27:56 |
|
| 2024-02-02 01:21:47 |
|
| 2024-02-01 12:06:24 |
|
| 2023-09-05 12:20:35 |
|
| 2023-09-05 01:06:18 |
|
| 2023-09-02 12:20:36 |
|
| 2023-09-02 01:06:24 |
|
| 2023-08-12 12:24:38 |
|
| 2023-08-12 01:06:26 |
|
| 2023-08-11 12:20:45 |
|
| 2023-08-11 01:06:35 |
|
| 2023-08-06 12:19:58 |
|
| 2023-08-06 01:06:26 |
|
| 2023-08-04 12:20:02 |
|
| 2023-08-04 01:06:29 |
|
| 2023-07-14 12:20:00 |
|
| 2023-07-14 01:06:23 |
|
| 2023-03-29 01:22:00 |
|
| 2023-03-28 12:06:31 |
|
| 2022-10-11 12:17:53 |
|
| 2022-10-11 01:06:05 |
|
| 2021-05-04 12:23:28 |
|
| 2021-04-22 01:28:03 |
|
| 2020-05-23 13:17:01 |
|
| 2020-05-23 00:35:50 |
|
| 2016-03-05 13:24:29 |
|
| 2016-03-05 09:21:15 |
|
| 2014-02-17 11:16:03 |
|
| 2014-01-19 21:29:09 |
|
| 2014-01-17 13:19:27 |
|
| 2014-01-03 17:19:02 |
|
| 2013-09-09 21:21:27 |
|
| 2013-05-10 22:28:26 |
|
| 2013-01-17 21:21:25 |
|
| 2013-01-17 17:22:07 |
|
| 2013-01-17 13:20:55 |
|
