<p>Adobe is recommending ColdFusion users apply a series of mitigations to counter active exploits against vulnerabilities in the application server. An advisory was released late Friday night that the trio of flaws are being targeted by attackers, and that the company would not have a patch available for another week.</p><p>"We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013," the advisory said.</p><p>Two of the vulnerabilities affect ColdFusion 10, 9.0.2, 9.0.1 and 9.0. The first, CVE-2013-0625, could enable an attacker to bypass authentication in place and remotely control a ColdFusion server. CVE-2013-0629, could allow an attacker to access restricted directories on a vulnerable server.</p><p>The third vulnerability, CVE-2013-0631, affects versions 9.0.2, 9.0.1 and 9.0 and could lead to a data leak.</p><p><a href="http://threatpost.com/en_us/blogs/adobe-coldfusion-exploits-wild-patch-remains-week-away-010713">Keep reading...</a></p><p>Read also:</p><p><a href="http://www.infoworld.com/d/security/adobe-warns-of-actively-exploited-coldfusion-flaws-210237">Adobe warns of actively exploited ColdFusion flaws</a> (InfoWorld)</p><p>Explore: <a href="http://news.google.com/news/more?ncl=dcjgM3fYEHsGWoMQxn9TECJuPJGrM&ned=us">17 additional articles.</a></p>