CVE-2013-0629

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 18, 2012
Published Date: January 09, 2013
Last Updated: February 04, 2025
Vendor: Adobe
Product: ColdFusion
Description: Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2022-03-07 00:00:00 UTC) Source

References

http://www.adobe.com/support/security/bulletins/apsb13-03.html http://www.securityfocus.com/bid/57165 http://www.adobe.com/support/security/advisories/apsa13-01.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-07 00:00:00 UTC

Timeline

CVE ID Reserved

December 18, 2012
CVE Published to Public

January 09, 2013
Added to KEVIntel

March 07, 2022