Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013.
Additional information and mitigations options available here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Jan 5th 2013
7 years ago