CVE-2010-2861 - OpenCVE

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Coldfusion

Configuration 1 [-]

cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/8137
http://securityreason.com/securityalert/8148
http://www.adobe.com/support/security/bulletins/apsb10-18.html
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2010-08-11T18:00:00

Updated: 2024-08-07T02:46:48.523Z

Reserved: 2010-07-27T00:00:00

Link: CVE-2010-2861

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-08-11T18:47:51.157

Modified: 2024-07-16T17:49:02.617

Link: CVE-2010-2861

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-08-24T09:00:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"}, {"name": "8137", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8137"}, {"name": "8148", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8148"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2010-2861", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"}, {"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07", "refsource": "MISC", "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"}, {"name": "8137", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8137"}, {"name": "8148", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8148"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.523Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"}, {"name": "8137", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8137"}, {"name": "8148", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8148"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2010-2861", "datePublished": "2010-08-11T18:00:00", "dateReserved": "2010-07-27T00:00:00", "dateUpdated": "2024-08-07T02:46:48.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "11239F7E-1C10-4F9C-BBFE-560094EA358A", "versionEndIncluding": "9.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en la consola del administrador en ColdFusion de Adobe versi\u00f3n 9.0.1 y anteriores, permiten a los atacantes remotos leer archivos arbitrarios por medio del par\u00e1metro locale en los archivos (1) CFIDE/administrador/configuraci\u00f3n/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm y (5) enter.cfm en CFIDE/administrador/."}], "evaluatorImpact": "We have calculated the CVSS score based on information provided via the following reference links:\r\n\r\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07.\r\nhttp://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/", "id": "CVE-2010-2861", "lastModified": "2024-07-16T17:49:02.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-08-11T18:47:51.157", "references": [{"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://securityreason.com/securityalert/8137"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://securityreason.com/securityalert/8148"}, {"source": "psirt@adobe.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"}, {"source": "psirt@adobe.com", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}