Sign-up

ID

VAR-201305-0209


CVE

CVE-2013-3336


TITLE

Adobe ColdFusion Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2013-002608

DESCRIPTION

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. Adobe ColdFusion is a dynamic web server product of Adobe (Adobe) in the United States, and the CFML (ColdFusion Markup Language) it runs is a programming language for web applications

Trust: 2.07

sources: NVD: CVE-2013-3336 // JVNDB: JVNDB-2013-002608 // BID: 59773 // VULHUB: VHN-63338 // VULMON: CVE-2013-3336

AFFECTED PRODUCTS

vendor:adobemodel:coldfusionscope:eqversion:9.0

Trust: 2.8

vendor:adobemodel:coldfusionscope:eqversion:9.0.1

Trust: 2.8

vendor:adobemodel:coldfusionscope:eqversion:9.0.2

Trust: 2.5

vendor:adobemodel:coldfusionscope:eqversion:10.0

Trust: 2.5

sources: VULMON: CVE-2013-3336 // BID: 59773 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3336
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3336
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63338
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-3336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-63338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63338 // VULMON: CVE-2013-3336 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-3336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-206

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201305-206

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002608

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-63338 // 
            
            
            
            VULMON: CVE-2013-3336

PATCH
title:ColdFusion Security Hotfix APSB13-13url:https://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html
Trust: 0.8
title:APSA13-03url:http://www.adobe.com/support/security/advisories/apsa13-03.html
Trust: 0.8
title:APSB13-13url:https://www.adobe.com/support/security/bulletins/apsb13-13.html
Trust: 0.8
title:APSB13-13 (cq05140117)url:https://helpx.adobe.com/jp/coldfusion/kb/cq05140117.html
Trust: 0.8
title:APSA13-03url:http://helpx.adobe.com/jp/coldfusion/kb/cq05081955.html?sdid=ISBTR
Trust: 0.8
title:jok3rurl:https://github.com/koutto/jok3r 
Trust: 0.1
title:jok3rurl:https://github.com/84KaliPleXon3/jok3r 
Trust: 0.1
title:Threatposturl:https://threatpost.com/adobe-patches-coldfusion-flash-reader-vulnerabilities/100628/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2013/05/10/ms_ie8_0day_fix_due_tuesday/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-3336 // 
            
            
            
            JVNDB: JVNDB-2013-002608

EXTERNAL IDS
db:NVDid:CVE-2013-3336
Trust: 2.9
db:EXPLOIT-DBid:25305
Trust: 1.2
db:USCERTid:TA15-119A
Trust: 0.8
db:JVNDBid:JVNDB-2013-002608
Trust: 0.8
db:CNNVDid:CNNVD-201305-206
Trust: 0.7
db:BIDid:59773
Trust: 0.4
db:SEEBUGid:SSVID-78970
Trust: 0.1
db:VULHUBid:VHN-63338
Trust: 0.1
db:VULMONid:CVE-2013-3336
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63338 // 
            
            
            
            VULMON: CVE-2013-3336 // 
            
            
            
            BID: 59773 // 
            
            
            
            JVNDB: JVNDB-2013-002608 // 
            
            
            
            CNNVD: CNNVD-201305-206 // 
            
            
            
            NVD: CVE-2013-3336

REFERENCES
url:http://www.adobe.com/support/security/advisories/apsa13-03.html
Trust: 1.8
url:http://www.adobe.com/support/security/bulletins/apsb13-13.html
Trust: 1.2
url:http://www.exploit-db.com/exploits/25305
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3336
Trust: 0.8
url:http://jvn.jp/ta/jvnta99041988/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3336
Trust: 0.8
url:https://www.us-cert.gov/ncas/alerts/ta15-119a
Trust: 0.8
url:http://www.adobe.com/products/coldfusion/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/adobe-apsb13-13-cve-2013-3336
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/25305/
Trust: 0.1
url:https://www.rapid7.com/db/modules/auxiliary/gather/coldfusion_pwd_props
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63338 // 
            
            
            
            VULMON: CVE-2013-3336 // 
            
            
            
            BID: 59773 // 
            
            
            
            JVNDB: JVNDB-2013-002608 // 
            
            
            
            CNNVD: CNNVD-201305-206 // 
            
            
            
            NVD: CVE-2013-3336

CREDITS
Marcin Siedlarz of Symantec Security Response
Trust: 0.3
sources:
            
            
            BID: 59773

SOURCES
db:VULHUBid:VHN-63338
db:VULMONid:CVE-2013-3336
db:BIDid:59773
db:JVNDBid:JVNDB-2013-002608
db:CNNVDid:CNNVD-201305-206
db:NVDid:CVE-2013-3336

LAST UPDATE DATE
2024-08-14T13:04:48.548000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63338date:2013-11-07T00:00:00
db:VULMONid:CVE-2013-3336date:2013-11-07T00:00:00
db:BIDid:59773date:2014-08-01T00:32:00
db:JVNDBid:JVNDB-2013-002608date:2015-05-11T00:00:00
db:CNNVDid:CNNVD-201305-206date:2013-05-13T00:00:00
db:NVDid:CVE-2013-3336date:2013-11-07T04:39:10.123

SOURCES RELEASE DATE
db:VULHUBid:VHN-63338date:2013-05-09T00:00:00
db:VULMONid:CVE-2013-3336date:2013-05-09T00:00:00
db:BIDid:59773date:2013-05-08T00:00:00
db:JVNDBid:JVNDB-2013-002608date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-206date:2013-05-10T00:00:00
db:NVDid:CVE-2013-3336date:2013-05-09T12:31:19.857