virus logo Intrusion Prevention

Adobe.ColdFusion.Administrator.Page.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a directory-traversal vulnerability in Adobe ColdFusion.
A vulnerability has been reported in ColdFusion that may allow an attacker to disclose the contents of arbitrary files via directory traversal on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "locale" parameter value that is passed to administrator interface. An attacker may gain sensitive information by sending a craft http request.

affected-products-logoAffected Products

ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX

Impact logoImpact

Information Disclosure: Remote attackers can gain gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb10-18.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.exploit-db.com/exploits/16985/ http://www.exploit-db.com/exploits/14641/ http://www.vupen.com/english/advisories/2010/2065 http://www.adobe.com/support/security/bulletins/apsb10-18.html
ID 24123
Created Oct 25, 2010
Updated Sep 19, 2018
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2010-2861
Known Exploited Yes
Exploit Prediction Score 97.08%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Adobe