CVE-2013-0631
published 2013-01-09CVE-2013-0631: Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
PriorityP277high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-09-07
Exploited in the wild
EPSS
65.87%
99.2th percentile
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- ·CVE-2013-0631 is described as exploiting 'unspecified vectors' — no technical details, attack paths, payloads, or indicators have been publicly disclosed in the available sources. No actionable IOCs or detection hints can be extracted. ↗
- ·CISA confirms active exploitation but provides no additional technical specifics beyond the NVD description. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g47v-r4wh-wjrq: Adobe ColdFusion 9
ghsa_unreviewed·2022-05-17
CVE-2013-0631 [MEDIUM] CWE-200 GHSA-g47v-r4wh-wjrq: Adobe ColdFusion 9
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
VulnCheck
Adobe ColdFusion Information Disclosure Vulnerability
vulncheck·2013·CVSS 7.5
CVE-2013-0631 [HIGH] CWE-200 Adobe ColdFusion Information Disclosure Vulnerability
Adobe ColdFusion Information Disclosure Vulnerability
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Affected: Adobe ColdFusion
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2013-0631; https://www.adobe.com/support/security/advisories/apsa13-01.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-09-07
CISA
Adobe ColdFusion Information Disclosure Vulnerability
cisa·2022-03-07·CVSS 7.5
CVE-2013-0631 [HIGH] CWE-200 Adobe ColdFusion Information Disclosure Vulnerability
Vulnerability: Adobe ColdFusion Information Disclosure Vulnerability
Affected: Adobe ColdFusion
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0631
Remediation Due Date: 2022-09-07
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.adobe.com/support/security/advisories/apsa13-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb13-03.htmlhttp://www.adobe.com/support/security/advisories/apsa13-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb13-03.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0631
2013-01-09
Published
2022-03-07
Added to CISA KEV
Exploited in the wild