Vulnerability Description
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Coldfusion | <= 9.0.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/97553
- http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87740
- http://osvdb.org/97553
- http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87740
FAQ
What is CVE-2010-5290?
CVE-2010-5290 is a vulnerability with a CVSS score of 10.0 (HIGH). The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to ob...
How severe is CVE-2010-5290?
CVE-2010-5290 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5290?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Coldfusion.