A critical vulnerability(CVE-2013-3336) has been identified in the Adobe ColdFusion - a commercial rapid web application development platform. The security flaw allows hackers to remotely retrieve files stored on the server.
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX are affected.
Adobe in their security advisory warns that the vulnerability is already being exploited in the wild.
The company is in the process of finalizing a fix for this bug and expects it to be available on May 14, 2013.
In the meantime, the company offered a mitigation for this issue. Users can protect themselves by restricting public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories.