7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
securityreason.com/securityalert/8137
securityreason.com/securityalert/8148
www.adobe.com/support/security/bulletins/apsb10-18.html
www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861
www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861