Vulnerability Details : CVE-2013-3336
Public exploit exists!
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-3336
Probability of exploitation activity in the next 30 days: 97.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2013-3336
- ColdFusion 'password.properties' Hash Extraction
  Disclosure Date: 2013-05-07
  First seen: 2020-04-26
  Module: auxiliary/gather/coldfusion_pwd_props
  This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect).
  Authors: - HTP - sinn3r <sinn3r@metas
CVSS scores for CVE-2013-3336
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
References for CVE-2013-3336
- http://www.adobe.com/support/security/advisories/apsa13-03.html
  Adobe - Security Advisories: APSA13-03 - Security Advisory for ColdFusion (Vendor Advisory)
- http://www.exploit-db.com/exploits/25305
  ColdFusion 9-10 - Credential Disclosure - Multiple webapps Exploit
- http://www.adobe.com/support/security/bulletins/apsb13-13.html
  Adobe - Security Bulletins: APSB13-13 - Security update: Hotfix available for ColdFusion
Products affected by CVE-2013-3336
- cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*