CVE-2010-2861
KEV
🔴 Patch now
Multiple directory traversal vulnerabilities in the Adobe ColdFusion administrator console allow files to be read remotely.
CVSS
9.8
EPSS
94.3%
Exploit
weaponized
Vendor
adobe
Source description (NVD)
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
exploit path-traversal
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 94.3% |
| Published (NVD) | 2010-08-11 18:47:51 UTC |
| Last modified (NVD) | 2026-04-21 21:13:05 UTC |
References
- http://securityreason.com/securityalert/8137 (psirt@adobe.com) [Broken Link]
- http://securityreason.com/securityalert/8148 (psirt@adobe.com) [Broken Link]
- http://www.adobe.com/support/security/bulletins/apsb10-18.html (psirt@adobe.com) [Not Applicable, Vendor Advisory]
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ (psirt@adobe.com) [Exploit]
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07 (psirt@adobe.com) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]