The Adobe Security team has issued a security advisory for vulnerability (CVE-2013-3336) which could permit an unauthorized user to remotely retrieve files stored on the server. This vulnerability affects ColdFusion 10.x, 9.x, and earlier versions (on Windows, Mac and UNIX), but will not affect you if you have adhered to the recommendations in the Lockdown Guide (or if you’ve blocked all /cfide access).

Leave a Reply