Intrusion Prevention

Adobe.ColdFusion.Administrator.Page.Directory.Traversal

Description

This indicates an attack attempt against a directory-traversal vulnerability in Adobe ColdFusion.
A vulnerability has been reported in ColdFusion that may allow an attacker to disclose the contents of arbitrary files via directory traversal on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "locale" parameter value that is passed to the administrator interface. An attacker may gain sensitive information by sending a crafted HTTP request.
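
A defensive log check for the condition described above, added here as an example (it is not part of the original advisory or of any vendor signature): it flags access-log requests whose `locale` parameter, after repeated percent-decoding, is not a plain locale tag. The locale pattern, the placeholder path `/admin/page.cfm` and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate locale is a short language tag such as "en" or "ja_JP".
LOCALE_OK = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8}){0,2}")
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_locale(url):
    """Return a reason if any locale parameter in the URL looks unsafe, else None."""
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() != "locale":
            continue
        value = fully_decode(raw)  # parse_qsl has already decoded once
        if ".." in value and ("/" in value or "\\" in value):
            return "traversal sequence"
        if any(ord(ch) < 0x20 for ch in value):
            return "control character"
        if not LOCALE_OK.fullmatch(value):
            return "not a locale tag"
    return None

def scan(lines):
    """Return (line_number, reason) for each log line with an unsafe locale value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reason = suspicious_locale(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample log lines; the path /admin/page.cfm is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /admin/page.cfm?locale=en HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2011:10:00:05 +0000] "GET /admin/page.cfm?locale=../../../constructed/file HTTP/1.1" 200 2048',
    '192.0.2.77 - - [01/Jan/2011:10:00:09 +0000] "GET /admin/page.cfm?locale=%252e%252e%255c%252e%252e%255cconstructed HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2011:10:01:00 +0000] "GET /admin/page.cfm?locale=ja_JP HTTP/1.1" 200 512',
]
```

Access logs normally record only the query string, so a `locale` value sent in a request body will not appear in this scan.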

Affected Products

ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.adobe.com/support/security/bulletins/apsb10-18.html

CVE References

CVE-2010-2861