Description
An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. By accessing the ColdFusion Solr collections, a user could search and index the information contained in the collections. Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installations using the instructions provided below.
Remediation
Disable external access to the Solr collections.
References
Related Vulnerabilities
Plone CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-5500)
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12603)
WordPress Plugin Content Control-User Access Restriction Cross-Site Scripting (1.1.9)
WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0)
MediaWiki Release of Invalid Pointer or Reference Vulnerability (CVE-2022-28203)