APP: Adobe ColdFusion Directory Traversal

This signature detects attempts to exploit a known directory traversal vulnerability in Adobe ColdFusion. The vulnerability is due to a design weakness in the ColdFusion administration console, which fails to properly sanitize input passed to the admin page. Remote unauthenticated attackers can exploit this to retrieve arbitrary files from the target system through directory traversal, including the password file for the ColdFusion administration console. With this password file, an attacker can upload and execute arbitrary ColdFusion code within the security context of System.

Extended Description

Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.

Affected Products

Adobe ColdFusion

References

BugTraq: 42342

CVE: CVE-2010-2861

Short Name: APP:ADOBE-CF-DIR-TRAV

Severity: Critical

Recommended: False

Recommended Action: Drop

Category: APP

Keywords: Adobe CVE-2010-2861 ColdFusion Directory Traversal bid:42342

Release Date: 09/27/2010

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

False Positive: Unknown

Vendors

Adobe

CVSS Score

7.5
