CVE-2010-2861

Warnung

Exploit

EPSS 94.23%
Veröffentlicht 11.08.2010 18:47:51
Zuletzt bearbeitet 22.10.2025 01:15:37
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version <= 9.0.1

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe ColdFusion Directory Traversal Vulnerability

Schwachstelle

A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.23%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://securityreason.com/securityalert/8137

Broken Link

http://securityreason.com/securityalert/8148

Broken Link

http://www.adobe.com/support/security/bulletins/apsb10-18.html

Vendor Advisory

Not Applicable

http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

Exploit

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07

Broken Link

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861

https://nvd.nist.gov/vuln/detail/CVE-2010-2861

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2861

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2861

EUVD