A patch has recently been issued (09 APR 2013) by Adobe for the various versions of ColdFusion:
"This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).
"This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388)."
"This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).
"This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388)."
http://www.adobe.com/support/security/bulletins/apsb13-10.ht...