Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI Vulnerability CVE-2010-2861 Scanner Detail
There is a directory traversal vulnerability in Adobe ColdFusion 9.0.1 and earlier, which allows remote attackers to read arbitrary files.
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to:
- (1) CFIDE/administrator/settings/mappings.cfm,
- (2) logging/settings.cfm,
- (3) datasources/index.cfm,
- (4) j2eepackaging/editarchive.cfm, and
- (5) enter.cfm
Some Advice for Common Problems
- Keep your Adobe ColdFusion installation up to date.
- In addition to code update processes, organizations should also deploy WAFs to help identify active attacks.
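
A log check for the requests described above, as an added example that is not part of the original page: it flags access-log entries in which one of the five listed pages receives a `locale` value that is not a plain locale tag. It assumes items (2) to (5) sit under `CFIDE/administrator/`, a common/combined log format, and sample lines constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoints from this page; (2)-(5) are assumed to sit under CFIDE/administrator/.
PREFIX = "/cfide/administrator/"
ENDPOINTS = {PREFIX + p for p in (
    "settings/mappings.cfm", "logging/settings.cfm", "datasources/index.cfm",
    "j2eepackaging/editarchive.cfm", "enter.cfm")}
# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate locale is a short tag such as "en" or "en_US".
LOCALE_OK = re.compile(r"^[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*$")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded dots and slashes are visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_locale(line):
    """Return the decoded locale if a listed page gets a non-locale value, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Normalise case and repeated slashes before matching the endpoint list.
    path = re.sub(r"/+", "/", fully_decode(url.path)).lower()
    if path not in ENDPOINTS:
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if key.lower() == "locale" and not LOCALE_OK.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_locale) for every suspicious request."""
    hits = ((n, suspicious_locale(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]

# Constructed sample log lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2010:12:00:01 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Aug/2010:12:00:05 +0000] "GET /CFIDE/administrator/enter.cfm?locale=..%2f..%2fexample.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Aug/2010:12:00:09 +0000] "GET /CFIDE/administrator/logging/settings.cfm?locale=%252e%252e%252fexample.txt HTTP/1.1" 200 640',
    '198.51.100.4 - - [10/Aug/2010:12:01:00 +0000] "GET /index.cfm?locale=../x HTTP/1.1" 200 100',
]
```

Access logs normally record only the query string, so a `locale` value sent in a POST body has to be inspected at the WAF or application layer instead.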