Back to search

APSB10-18: Security updates available for Adobe ColdFusion (CVE-2010-2861)

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) August 11, 2010 April 14, 2013 December 05, 2013

Available Exploits 

Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

Apply Adobe's suggested fixes for APSB10-18

Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote: http://kb2.adobe.com/cps/857/cpsid_85766.html.