Vendor: ColdFusion
By: leo
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: ColdFusion
Affected Version From: Adobe ColdFusion 8.0 and earlier versions
Affected Version To: Adobe ColdFusion 8.0 and earlier versions
Patch Exists: YES
Related CVE: CVE-2010-2861
CPE: a:adobe:coldfusion:8.0
Other Scripts: N/A
Tags: adobe,kev,vulhub,cve,cve2010,coldfusion,lfi
CVSS Metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.component:"Adobe ColdFusion"', 'vendor': 'adobe', 'product': 'coldfusion'}
Platforms Tested: None
2010

CVE-2010-2861 – Adobe ColdFusion Unspecified Directory Traversal Vulnerability

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Mitigation:

Adobe has released a security bulletin and patch to address this issue. Users are advised to apply the patch as soon as possible.
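
A log check for the request pattern described above, as an added example that is not part of the original entry: it flags access-log lines that request one of the five listed administrator pages with a `locale` value containing path separators or `..` after repeated percent-decoding. The combined log format, the sample lines and the `PLACEHOLDER` target are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The five administrator pages named in the CVE-2010-2861 description.
ADMIN_PREFIX = "/cfide/administrator/"
AFFECTED = {"settings/mappings.cfm", "logging/settings.cfm",
            "datasources/index.cfm", "j2eepackaging/editarchive.cfm",
            "enter.cfm"}
# Request target in a combined-format access-log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(line):
    """True if the line hits an affected page with a traversal-style locale."""
    match = REQUEST_RE.search(line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    path = fully_decode(url.path).lower()
    if not path.startswith(ADMIN_PREFIX) or path[len(ADMIN_PREFIX):] not in AFFECTED:
        return False
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() != "locale":
            continue
        value = fully_decode(value).replace("\\", "/")
        # A locale is a short language tag; separators or dot-dot are not.
        if "/" in value or ".." in value:
            return True
    return False

def scan(lines):
    """Return the log lines worth a closer look."""
    return [line for line in lines if is_suspicious(line)]

# Constructed sample lines: documentation addresses, placeholder file target.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2010:10:00:01 +0000] "GET /CFIDE/administrator/enter.cfm?locale=..%2f..%2fPLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Aug/2010:10:00:02 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Aug/2010:10:00:03 +0000] "GET /CFIDE/administrator/logging/settings.cfm?locale=%252e%252e%252fPLACEHOLDER HTTP/1.1" 200 300',
    '198.51.100.4 - - [10/Aug/2010:10:00:04 +0000] "GET /index.cfm?locale=../PLACEHOLDER HTTP/1.1" 404 0',
]
```

Access logs only record the query string, so a `locale` value sent in a POST body is not visible to this check.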