-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0044 Title: Hotfix available for ColdFusion [1] Version history: 21.05.2013 Initial publication Summary ======= Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03 [3]) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below. Vulnerable systems ================== ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. What can you do? ================ Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote [1]. More information ================ [1] http://www.adobe.com/support/security/bulletins/apsb13-13.html [2] http://web.nvd.nist.gov/ [3] http://www.adobe.com/support/security/advisories/apsa13-03.html Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJRmyc1AAoJEPpzpNLI8SVoZSEP/RUsnEUVCu31yEzHglf0zFSR 867DQCS4aLm8nMHONZ4SUBZ52DiptoWSnUpf3Ck2twN7uekKJndyJLaLT/B8snev jRH18hCcRKIedY5oCtmZ5LryxB2NHSfcEjH2LjB+JbQ3fGqgTgPxt40TQvehQQCT Ny4APPEG106Yud17m8DfiYZvg9pRiNUG2QsFQ1NSdINrVyl/rOqO2g1XIuWI23kR 8Zl/eWrI4l+C36nl4g6dEla99ovj8ANhhpwbZThJVFqejbLog8/mZsz4Ag9sroXO mdHpBr8HiX0rbJdgd2FPtJnFOqXSOBhlSP/3L2Sm7ucdKyCfL8wxbMhnYr2PrNl9 40wmAUGIN60s3mv0du3s+clPXli3Fhgn5ZBy0nRgC+8WGGlbXdR8hOuxBQxBSLF5 S5MKk8V6ONE9pDmm5sKFY2d7QhlQzVE38Rf3yuVo7HdD+G/m/rFYHkTBuYh/zdk/ R+/jTXbqI1LqDo3wlqtNGILVi1oEHcuBTxzrG3may18U1+qCNJAZUMf6c5z/+78L YT8hNni5BhFd54oUrO4ElUKb11XIcJ5ePb1KBqbVbdRsBMAGS3ajCKYBcV729G3F j9zjszotfP8AlRBLNPDt6ILKIDZHReDuTGJkhJty+MwPtVC4cPE9LHq8BegQ5S9e 4m7rxtPBYrlGTnM08+fV =Bn0j -----END PGP SIGNATURE-----