CVE-2013-0625
Published 2013-01-09
Priority P194 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-09-07
Exploited in the wild
EPSS: 93.80% (99.8th percentile)
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to /CFIDE/administrator/scheduler/scheduleedit.cfm, which is the vector for CVE-2013-0625 arbitrary command execution on ColdFusion 9.x.
- Detect HTTP requests to ColdFusion scheduler paths (/CFIDE/administrator/scheduler/scheduletasks.cfm and scheduleedit.cfm) that include a 'publish_file' parameter containing directory traversal sequences (e.g., '../../wwwroot/CFIDE/').
- Alert on GET requests to /CFIDE/*.cfm containing both 'cmd=' and 'args=' query parameters, indicative of the exploit's remote execution mechanism.
- Look for the CFAUTHORIZATION_ cookie being set or manipulated in responses, as the exploit harvests and replays these cookies for authentication bypass.
- Flag exploitation attempts observed in the wild starting January 2013; prioritize patching and detection on internet-facing ColdFusion 9.0, 9.0.1, and 9.0.2 instances with no administrator password configured.
- The authentication bypass (CVE-2013-0625) only applies when no administrator password is configured on ColdFusion 9.x. Instances with a password set are not directly vulnerable to this specific bypass vector.
- The scheduleedit.cfm command execution vector (CVE-2013-0625) is limited to ColdFusion 9.x only; other versions use different exploit paths in this module.
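The three request-based indicators above, applied to web-server access logs, as an added example (not part of the original page or any vendor rule set). It assumes common/combined log format and uses hypothetical indicator names; access logs carry neither POST bodies nor response headers, so a `publish_file` value sent in a body and the CFAUTHORIZATION_ cookie check are not covered, and every POST to scheduleedit.cfm is flagged for review because the log cannot show whether it was authenticated.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: common/combined access-log format; only the quoted request line is parsed.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCHEDULE_EDIT = "/cfide/administrator/scheduler/scheduleedit.cfm"
SCHEDULE_TASKS = "/cfide/administrator/scheduler/scheduletasks.cfm"


def classify(line):
    """Return the names (hypothetical labels) of the indicators one log line matches."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    # Lower-case so /cfide/ and /CFIDE/ compare equal.
    path = unquote(url.path).lower()
    query = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    hits = []
    if m["method"] == "POST" and path == SCHEDULE_EDIT:
        hits.append("post-scheduleedit")
    # parse_qs decodes once; unquote again to catch double-encoded traversal.
    values = [unquote(v).replace("\\", "/") for v in query.get("publish_file", [])]
    if path in (SCHEDULE_EDIT, SCHEDULE_TASKS) and any("../" in v for v in values):
        hits.append("publish_file-traversal")
    if (m["method"] == "GET" and path.startswith("/cfide/") and path.endswith(".cfm")
            and query.keys() >= {"cmd", "args"}):
        hits.append("cmd-args-query")
    return hits


def scan(lines):
    """Map line index -> matched indicators, skipping lines with no match."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}


# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2013:04:12:01 +0000] "POST /CFIDE/administrator/scheduler/scheduleedit.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2013:04:12:03 +0000] "GET /cfide/administrator/scheduler/scheduletasks.cfm?publish_file=..%2F..%2Fwwwroot%2FCFIDE%2F HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Jan/2013:04:12:09 +0000] "GET /CFIDE/x.cfm?cmd=X&args=Y HTTP/1.1" 200 64',
    '198.51.100.20 - - [10/Jan/2013:04:13:00 +0000] "GET /index.cfm?page=home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG).items():
        print(index, hits)
```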
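CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |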
GHSA
GHSA-mhww-rmfc-8prf: Adobe ColdFusion 9
ghsa_unreviewed·2022-05-17
CVE-2013-0625 [MEDIUM] CWE-287 GHSA-mhww-rmfc-8prf: Adobe ColdFusion 9
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
VulnCheck
Adobe ColdFusion Authentication Bypass Vulnerability
vulncheck·2013·CVSS 9.8
CVE-2013-0625 [CRITICAL] CWE-255 Adobe ColdFusion Authentication Bypass Vulnerability
Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Affected: Adobe ColdFusion
Required Action: Apply updates per vendor instructions.
Exploitation References:
- https://www.cve.org/CVERecord?id=CVE-2013-0625
- https://www.adobe.com/support/security/advisories/apsa13-01.html
- https://cisa.gov/news-events/alerts/2015/04/29/top-30-targeted-high-risk-vulnerabilities
- https://www.us-cert.gov/ncas/alerts/TA15-119A
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://go.catonetworks.com/rs/245-RJK-441/images/CATO-NETWORKS-THREAT-REPORT2024.pdf
- https://go.catonetworks.com/rs/245-RJK-441/images/Q2_24_Cato_CTRL_Threat
CISA
Adobe ColdFusion Authentication Bypass Vulnerability
cisa·2022-03-07·CVSS 9.8
CVE-2013-0625 [CRITICAL] CWE-255 Adobe ColdFusion Authentication Bypass Vulnerability
Vulnerability: Adobe ColdFusion Authentication Bypass Vulnerability
Affected: Adobe ColdFusion
Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0625
Remediation Due Date: 2022-09-07
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57164
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625
2013-01-09: Published
2022-03-07: Added to CISA KEV
Exploited in the wild