Adobe Releases Security Advisory for ColdFusion

Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server. There are reports that an exploit of this vulnerability is publicly available.

US-CERT recommends users and administrators review Adobe Security Advisory APSA13-03. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk of exposure to this issue.