← Voltar para CVEs
CVE-2010-2861
CRITICALCISA KEV9.8
Descricao
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/11/2010
Ultima modificacao4/21/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAdobe
ProdutoColdFusion
Nome da vulnerabilidadeAdobe ColdFusion Directory Traversal Vulnerability
Data inclusao KEV2022-03-25
Prazo de remediacao2022-04-15
Uso em ransomwareKnown
Produtos afetados
adobe:coldfusion
Fraquezas (CWE)
CWE-22CWE-22
Referencias
http://securityreason.com/securityalert/8137(psirt@adobe.com)
http://securityreason.com/securityalert/8148(psirt@adobe.com)
http://www.adobe.com/support/security/bulletins/apsb10-18.html(psirt@adobe.com)
http://securityreason.com/securityalert/8137(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8148(af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb10-18.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/(af854a3a-2127-422b-91ae-364da2661108)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.