ID

VAR-201305-0209


CVE

CVE-2013-3336


TITLE

Adobe ColdFusion Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2013-002608

DESCRIPTION

Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. Adobe ColdFusion is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve files stored on the server and obtain sensitive information. This may aid in launching further attacks. Adobe ColdFusion is a dynamic web server product of Adobe (Adobe) in the United States, and the CFML (ColdFusion Markup Language) it runs is a programming language for web applications

Trust: 2.07

sources: NVD: CVE-2013-3336 // JVNDB: JVNDB-2013-002608 // BID: 59773 // VULHUB: VHN-63338 // VULMON: CVE-2013-3336

AFFECTED PRODUCTS

vendor:adobemodel:coldfusionscope:eqversion:9.0

Trust: 2.8

vendor:adobemodel:coldfusionscope:eqversion:9.0.1

Trust: 2.8

vendor:adobemodel:coldfusionscope:eqversion:9.0.2

Trust: 2.5

vendor:adobemodel:coldfusionscope:eqversion:10.0

Trust: 2.5

sources: VULMON: CVE-2013-3336 // BID: 59773 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3336
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3336
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63338
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-3336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-63338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63338 // VULMON: CVE-2013-3336 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-3336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-206

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201305-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002608

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63338 // VULMON: CVE-2013-3336

PATCH

title:ColdFusion Security Hotfix APSB13-13url:https://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html

Trust: 0.8

title:APSA13-03url:http://www.adobe.com/support/security/advisories/apsa13-03.html

Trust: 0.8

title:APSB13-13url:https://www.adobe.com/support/security/bulletins/apsb13-13.html

Trust: 0.8

title:APSB13-13 (cq05140117)url:https://helpx.adobe.com/jp/coldfusion/kb/cq05140117.html

Trust: 0.8

title:APSA13-03url:http://helpx.adobe.com/jp/coldfusion/kb/cq05081955.html?sdid=ISBTR

Trust: 0.8

title:jok3rurl:https://github.com/koutto/jok3r

Trust: 0.1

title:jok3rurl:https://github.com/84KaliPleXon3/jok3r

Trust: 0.1

title:Threatposturl:https://threatpost.com/adobe-patches-coldfusion-flash-reader-vulnerabilities/100628/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2013/05/10/ms_ie8_0day_fix_due_tuesday/

Trust: 0.1

sources: VULMON: CVE-2013-3336 // JVNDB: JVNDB-2013-002608

EXTERNAL IDS

db:NVDid:CVE-2013-3336

Trust: 2.9

db:EXPLOIT-DBid:25305

Trust: 1.2

db:USCERTid:TA15-119A

Trust: 0.8

db:JVNDBid:JVNDB-2013-002608

Trust: 0.8

db:CNNVDid:CNNVD-201305-206

Trust: 0.7

db:BIDid:59773

Trust: 0.4

db:SEEBUGid:SSVID-78970

Trust: 0.1

db:VULHUBid:VHN-63338

Trust: 0.1

db:VULMONid:CVE-2013-3336

Trust: 0.1

sources: VULHUB: VHN-63338 // VULMON: CVE-2013-3336 // BID: 59773 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

REFERENCES

url:http://www.adobe.com/support/security/advisories/apsa13-03.html

Trust: 1.8

url:http://www.adobe.com/support/security/bulletins/apsb13-13.html

Trust: 1.2

url:http://www.exploit-db.com/exploits/25305

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3336

Trust: 0.8

url:http://jvn.jp/ta/jvnta99041988/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3336

Trust: 0.8

url:https://www.us-cert.gov/ncas/alerts/ta15-119a

Trust: 0.8

url:http://www.adobe.com/products/coldfusion/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/adobe-apsb13-13-cve-2013-3336

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/25305/

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/gather/coldfusion_pwd_props

Trust: 0.1

sources: VULHUB: VHN-63338 // VULMON: CVE-2013-3336 // BID: 59773 // JVNDB: JVNDB-2013-002608 // CNNVD: CNNVD-201305-206 // NVD: CVE-2013-3336

CREDITS

Marcin Siedlarz of Symantec Security Response

Trust: 0.3

sources: BID: 59773

SOURCES

db:VULHUBid:VHN-63338
db:VULMONid:CVE-2013-3336
db:BIDid:59773
db:JVNDBid:JVNDB-2013-002608
db:CNNVDid:CNNVD-201305-206
db:NVDid:CVE-2013-3336

LAST UPDATE DATE

2024-11-23T20:16:36.461000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-63338date:2013-11-07T00:00:00
db:VULMONid:CVE-2013-3336date:2013-11-07T00:00:00
db:BIDid:59773date:2014-08-01T00:32:00
db:JVNDBid:JVNDB-2013-002608date:2015-05-11T00:00:00
db:CNNVDid:CNNVD-201305-206date:2013-05-13T00:00:00
db:NVDid:CVE-2013-3336date:2024-11-21T01:53:25.493

SOURCES RELEASE DATE

db:VULHUBid:VHN-63338date:2013-05-09T00:00:00
db:VULMONid:CVE-2013-3336date:2013-05-09T00:00:00
db:BIDid:59773date:2013-05-08T00:00:00
db:JVNDBid:JVNDB-2013-002608date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-206date:2013-05-10T00:00:00
db:NVDid:CVE-2013-3336date:2013-05-09T12:31:19.857