Adobe ColdFusion Directory Traversal Vulnerability Network Vulnerability

Summary

Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.adobe.com
http://www.adobe.com/products/coldfusion/
http://www.adobe.com/support/security/bulletins/apsb10-18.html
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://www.procheckup.com/
https://www.securityfocus.com/bid/42342

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2861

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aflog Cookie-Based Authentication Bypass Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
Adobe ColdFusion Directory Traversal Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Take action and discover your vulnerabilities