Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and previous versions allow remote malicious users to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
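A detection sketch for the issue described above, as an added example that is not part of the original entry or any vendor tooling: it scans web access logs for requests to the five listed administrator pages whose `locale` value contains path components. The log format, the sample lines, and the function names are constructed assumptions, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The five administrator pages named in the description above.
AFFECTED = {"/cfide/administrator/" + p for p in (
    "settings/mappings.cfm", "logging/settings.cfm", "datasources/index.cfm",
    "j2eepackaging/editarchive.cfm", "enter.cfm")}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (common log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /CFIDE/administrator/enter.cfm?locale=..%2f..%2f..%2fexample.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /CFIDE/administrator/settings/mappings.cfm?locale=%252e%252e%252fexample HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "GET /CFIDE/administrator/enter.cfm?locale=en HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Jan/2024:10:06:00 +0000] "GET /index.cfm?locale=../x HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so a double-encoded '..' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_locale(value):
    """A legitimate locale is a short tag such as 'en'; it never holds a path."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v or "/" in v

def flag_requests(log_lines):
    """Return (client, path) for each request that matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if fully_decode(url.path).lower() not in AFFECTED:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == "locale" and suspicious_locale(value):
                hits.append((line.split()[0], url.path))
    return hits

if __name__ == "__main__":
    for client, path in flag_requests(SAMPLE_LOG):
        print(f"possible traversal via locale: {client} -> {path}")
```

Any hit against an administrator console that is reachable from untrusted networks is worth triage, and restricting access to `CFIDE/administrator/` reduces exposure independently of patching.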
Vulnerable Product |
---|
adobe coldfusion 9.0 |
adobe coldfusion 8.0.1 |
adobe coldfusion 8.0 |
adobe coldfusion |
'It works, and it's scary'
A recently patched vulnerability in Adobe's ColdFusion application server may be more serious than previously thought following the public release of exploit code and blog posts claiming it can be used to take full control of systems running the software. In a bulletin published last week, Adobe rated the directory traversal vulnerability “important,” the third-highest classification on its four-tier severity scale. “This directory traversal vulnerability could lead to information disclosu...