Vulnerability Description
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Coldfusion | 9.0 |
Related Weaknesses (CWE)
References
- http://kb2.adobe.com/cps/807/cpsid_80719.html
- http://osvdb.org/62037
- http://secunia.com/advisories/38387Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb10-04.htmlVendor Advisory
- http://www.securityfocus.com/bid/38007
- http://www.securitytracker.com/id?1023519
- http://www.vupen.com/english/advisories/2010/0259Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
- http://kb2.adobe.com/cps/807/cpsid_80719.html
- http://osvdb.org/62037
- http://secunia.com/advisories/38387Vendor Advisory
- http://www.adobe.com/support/security/bulletins/apsb10-04.htmlVendor Advisory
- http://www.securityfocus.com/bid/38007
- http://www.securitytracker.com/id?1023519
- http://www.vupen.com/english/advisories/2010/0259Vendor Advisory
FAQ
What is CVE-2010-0185?
CVE-2010-0185 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, searc...
How severe is CVE-2010-0185?
CVE-2010-0185 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0185?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Coldfusion.