Lucene search

PRIOn knowledge basePRION:CVE-2010-5290

HistorySep 20, 2013 - 4:55 p.m.

Design/Logic Flaw

2013-09-2016:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.7%

JSON

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

CPENameOperatorVersion
coldfusioneq9.0
coldfusionle9.0.2
coldfusioneq9.0.1

Name	Operator	Version
coldfusion	eq	9.0
coldfusion	le	9.0.2
coldfusion	eq	9.0.1

References

osvdb.org/97553

qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal

www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

exchange.xforce.ibmcloud.com/vulnerabilities/87740

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for PRION:CVE-2010-5290