ColdFusion directory traversal


Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and earlier allows attackers to obtain sensitive information. The vulnerability is a variation of a classic directory traversal vulnerability, also referred to as 'arbitrary file retrieval'. The attack involves tricking a server-side script to provide the contents of a file that it was not originally supposed to be made available. By 'moving up' a few directory levels, the attacker is able to obtain the contents of files outside the application server's webroot via special strings such as '../'.


Apply the fix provided by Adobe. Check Web References.