Description

An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. By accessing the ColdFusion Solr collections, a user could search and index the information contained in the collections. Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installations using the instructions provided below.

Remediation

Disable external access to the Solr collections.

References

ColdFusion 9: Limit access to the Solr collections

Related Vulnerabilities

WordPress Plugin WP Mailster Cross-Site Scripting (1.5.4.0)

WordPress Plugin Product Catalog SQL Injection (4.2.2)

WordPress Plugin Adminer Security Bypass (1.4.5)

Joomla! Core 3.x.x Security Bypass (3.1.0 - 3.8.12)

WordPress Plugin Unconfirmed Cross-Site Scripting (1.2.3)

Severity

High

Classification

CVE-2010-0185 CWE-264

Tags

Missing Update