Adobe ColdFusion Directory Traversal Vulnerability Network Vulnerability

Summary

Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.adobe.com
http://www.adobe.com/products/coldfusion/
http://www.adobe.com/support/security/bulletins/apsb10-18.html
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://www.procheckup.com/
https://www.securityfocus.com/bid/42342

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2861
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability
Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities

Take action and discover your vulnerabilities