CVE-2013-0629
published 2013-01-09
Priority P184 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-09-07
Exploited in the wild
EPSS 65.90% (99.2th percentile)
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
Detection & IOCs (extracted from sources)
- Monitor for HTTP GET/POST requests to ColdFusion scheduler paths (/CFIDE/administrator/scheduler/scheduletasks.cfm and scheduleedit.cfm) from unauthenticated or anomalous sources, which indicates exploitation of the directory traversal to drop files via scheduled task abuse.
- Detect use of directory traversal sequences (../../wwwroot/CFIDE/) in the 'publish_file' POST parameter to scheduleedit.cfm, which is the mechanism used to drop arbitrary files outside the web root.
- Alert on HTTP requests to /CFIDE/*.cfm containing query parameters 'cmd' and 'args', which indicates execution of a dropped ColdFusion webshell payload.
- Look for the CFAUTHORIZATION_ cookie being set or manipulated in responses/requests to ColdFusion admin paths, as the exploit harvests and replays these cookies for authentication bypass.
- Detect scheduled task creation via POST to scheduleedit.cfm with 'publish=1' and a 'publish_file' value containing path traversal sequences, indicating an attempt to write attacker-controlled content to disk.
- The vulnerability is only exploitable when ColdFusion is configured WITHOUT a password (no admin password set). Instances with a password configured are not affected by CVE-2013-0629 alone.
- The Metasploit module chains CVE-2013-0629 (directory traversal) with CVE-2013-0632 (authentication bypass) and CVE-2013-0625 (RCE via scheduleedit.cfm, 9.x only). Detection and remediation should account for all three CVEs together.
- The exploit uses RDS credentials by default (USERDS option defaults to true). Environments with RDS disabled may partially mitigate the authentication bypass component, but the directory traversal itself may still be reachable.
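The detection points above, combined into one log classifier. This is an added example, not code from this page or from any vendor or project; the record layout (`src`, `method`, `url`, `body`, `cookie`), the rule names and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

SCHED = "/cfide/administrator/scheduler/"
SCHEDULER_PAGES = (SCHED + "scheduletasks.cfm", SCHED + "scheduleedit.cfm")

def _decode(value, rounds=3):
    # Undo nested URL encoding and unify path separators before matching.
    for _ in range(rounds):
        value = unquote(value)
    return value.replace("\\", "/")

def _params(raw):
    # Parameter names are compared lowercased (assumed layout: urlencoded).
    return {k.lower(): v for k, v in parse_qs(raw, keep_blank_values=True).items()}

def classify(req):
    """Return the sorted rule names that one request record triggers."""
    parts = urlsplit(req["url"])
    path = _decode(parts.path).lower()
    query, form = _params(parts.query), _params(req.get("body", ""))
    hits = set()
    if path in SCHEDULER_PAGES:
        hits.add("scheduler-access")
    if req["method"] == "POST" and path == SCHEDULER_PAGES[1]:
        if any("../" in _decode(v) for v in form.get("publish_file", [])):
            hits.add("publish-file-traversal")
            if form.get("publish") == ["1"]:
                hits.add("publish-enabled")
    if path.startswith("/cfide/") and path.endswith(".cfm") and query.keys() >= {"cmd", "args"}:
        hits.add("webshell-params")
    if path.startswith("/cfide/administrator/") and "cfauthorization_" in req.get("cookie", "").lower():
        hits.add("cfauthorization-cookie")
    return sorted(hits)

# Constructed sample records (documentation IP ranges, placeholder values).
SAMPLE = [
    {"src": "198.51.100.4", "method": "GET", "url": "/index.cfm?page=home"},
    {"src": "203.0.113.7", "method": "GET",
     "url": "/CFIDE/administrator/scheduler/scheduletasks.cfm",
     "cookie": "CFAUTHORIZATION_example=placeholder"},
    {"src": "203.0.113.7", "method": "POST",
     "url": "/CFIDE/administrator/scheduler/scheduleedit.cfm",
     "body": "publish=1&publish_file=..%2F..%2Fwwwroot%2FCFIDE%2Fsample.txt"},
    {"src": "203.0.113.7", "method": "GET", "url": "/CFIDE/sample.cfm?cmd=x&args=y"},
]

def scan(records):
    """Return (index, source, rules) for every record that triggers a rule."""
    return [(i, r["src"], classify(r)) for i, r in enumerate(records) if classify(r)]
```

Because scheduler access by a legitimate administrator also matches `scheduler-access`, treat that rule as context and alert on it only in combination with the others or from unexpected sources.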
CVSS provenance
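| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |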
GHSA
GHSA-36vv-8mxf-q4m6: Adobe ColdFusion 9
ghsa_unreviewed·2022-05-17
CVE-2013-0629 [MEDIUM] GHSA-36vv-8mxf-q4m6: Adobe ColdFusion 9
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
VulnCheck
Adobe ColdFusion Directory Traversal Vulnerability
vulncheck·2013·CVSS 7.5
CVE-2013-0629 [HIGH] CWE-264 Adobe ColdFusion Directory Traversal Vulnerability
Adobe ColdFusion Directory Traversal Vulnerability
Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Affected: Adobe ColdFusion
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2013-0629; https://www.adobe.com/support/security/advisories/apsa13-01.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-09-07
CISA
Adobe ColdFusion Directory Traversal Vulnerability
cisa·2022-03-07·CVSS 7.5
CVE-2013-0629 [HIGH] CWE-264 Adobe ColdFusion Directory Traversal Vulnerability
Vulnerability: Adobe ColdFusion Directory Traversal Vulnerability
Affected: Adobe ColdFusion
Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0629
Remediation Due Date: 2022-09-07
References
- http://www.adobe.com/support/security/advisories/apsa13-01.html
- http://www.adobe.com/support/security/bulletins/apsb13-03.html
- http://www.securityfocus.com/bid/57165
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0629
- 2013-01-09: Published
- 2022-03-07: Added to CISA KEV
Exploited in the wild