Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI Vulnerability CVE-2010-2861 Scanner

Asset Type: domain, ip, url
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (Seconds): 15

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI Vulnerability CVE-2010-2861 Scanner Detail

There is a directory traversal vulnerability in Adobe ColdFusion 9.0.1 and earlier that allows remote attackers to read arbitrary files.

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to
  • (1) CFIDE/administrator/settings/mappings.cfm,
  • (2) logging/settings.cfm,
  • (3) datasources/index.cfm,
  • (4) j2eepackaging/editarchive.cfm, and
  • (5) enter.cfm
in CFIDE/administrator/.

Some Advice for Common Problems

  • Keep your Adobe ColdFusion application up to date.
  • In addition to code update processes, organizations should also deploy WAFs to help identify active attacks.
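
Alongside a WAF, web server access logs can be reviewed for requests to the five administrator pages listed above whose locale parameter is not a plain language tag. The following is an added example, not part of the scanner or of Adobe's code; it assumes common/combined-format access logs and that legitimate locale values look like "en" or "zh_CN", the log lines are constructed, and it only sees query strings (not POST bodies).

```python
import re
from urllib.parse import parse_qsl, unquote

# The five pages named above, relative to CFIDE/administrator/.
AFFECTED = {"settings/mappings.cfm", "logging/settings.cfm",
            "datasources/index.cfm", "j2eepackaging/editarchive.cfm",
            "enter.cfm"}
PREFIX = "/cfide/administrator/"
# Assumption: access logs use the common/combined format.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate locale is a short language tag ("en", "zh_CN").
LOCALE_OK = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})?")

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(log_line):
    """True if an affected page is requested with a non-tag locale value."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    raw_path, _, query = m.group(1).partition("?")
    path = re.sub(r"/+", "/", decode_fully(raw_path).replace("\\", "/")).lower()
    if not path.startswith(PREFIX) or path[len(PREFIX):] not in AFFECTED:
        return False
    # ColdFusion treats URL parameter names case-insensitively.
    return any(name.lower() == "locale"
               and not LOCALE_OK.fullmatch(decode_fully(value))
               for name, value in parse_qsl(query))

def flag_lines(lines):
    """Return the indexes of log lines worth an analyst's attention."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

SAMPLE_LOG = [  # constructed lines using documentation address space
    '203.0.113.7 - - [10/Aug/2010:10:00:01 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Aug/2010:10:00:02 +0000] "GET /CFIDE/administrator/enter.cfm?locale=..%2f..%2fexample.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Aug/2010:10:00:03 +0000] "GET /cfide/administrator/logging/settings.cfm?Locale=%252e%252e%255cexample.txt HTTP/1.1" 200 290',
    '203.0.113.9 - - [10/Aug/2010:10:00:04 +0000] "GET /index.cfm?locale=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for i in flag_lines(SAMPLE_LOG):
        print(SAMPLE_LOG[i])
```

Any hit from an address that should not reach CFIDE/administrator/ at all is also a sign that the console is exposed more widely than intended.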
