Vulnerability Description
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | ColdFusion | <= 9.0.1 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/8137 (Broken Link)
- http://securityreason.com/securityalert/8148 (Broken Link)
- http://www.adobe.com/support/security/bulletins/apsb10-18.html (Not Applicable, Vendor Advisory)
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ (Exploit)
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07 (Broken Link)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010- (US Government Resource)
FAQ
What is CVE-2010-2861?
CVE-2010-2861 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/adm...
How severe is CVE-2010-2861?
CVE-2010-2861 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2010-2861?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe ColdFusion.