Lucene search

[email protected]CVE-2010-5290

HistorySep 20, 2013 - 4:55 p.m.

CVE-2010-5290

2013-09-2016:55:00

CWE-255

[email protected]

web.nvd.nist.gov

adobe

coldfusion

authentication

vulnerability

cve-2010-5290

nvd

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

CPENameOperatorVersion
adobe:coldfusionadobe coldfusioneq9.0
adobe:coldfusionadobe coldfusionle9.0.2
adobe:coldfusionadobe coldfusioneq9.0.1

CPE	Name	Operator	Version
adobe:coldfusion	adobe coldfusion	eq	9.0
adobe:coldfusion	adobe coldfusion	le	9.0.2
adobe:coldfusion	adobe coldfusion	eq	9.0.1

References

osvdb.org/97553

qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal

www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

exchange.xforce.ibmcloud.com/vulnerabilities/87740

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2010-5290

prion2 packetstorm2 checkpoint_advisories1 exploitpack1 seebug2 attackerkb1 cisa_kev1 securityvulns1 metasploit1 cve1 nuclei1 openvas2 nessus1 canvas1 exploitdb1 thn1 threatpost1 nmap1