Vulnerability-Lookup

CVE-2010-2861 (GCVE-0-2010-2861)

Vulnerability from cvelistv5 – Published: 2010-08-11 18:00 – Updated: 2025-10-22 00:05

CISA KEV

Summary

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

adobe

References

URL

Tags

	http://www.gnucitizen.org/blog/coldfusion-directo…	x_refsource_MISC
	http://www.procheckup.com/vulnerability_manager/v…	x_refsource_MISC
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://securityreason.com/securityalert/8137	third-party-advisoryx_refsource_SREASON
	http://securityreason.com/securityalert/8148	third-party-advisoryx_refsource_SREASON

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 1b9de2fa-e1be-404d-9ad1-bdb74688f7d8

Vulnerability ID: CVE-2010-2861

Status: Confirmed

Status Updated: 2022-03-25 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-25

Asserted: 2022-03-25

Scope

Notes: KEV entry: Adobe ColdFusion Directory Traversal Vulnerability | Affected: Adobe / ColdFusion | Description: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-2861

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-22
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	ColdFusion
Due Date	2022-04-15
Date Added	2022-03-25
Vendorproject	Adobe
Vulnerabilityname	Adobe ColdFusion Directory Traversal Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2010-2861

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:46:48.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
          },
          {
            "name": "8137",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8137"
          },
          {
            "name": "8148",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8148"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-2861",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:40:45.675706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:51.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00+00:00",
            "value": "CVE-2010-2861 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-08-24T09:00:00.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
        },
        {
          "name": "8137",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8137"
        },
        {
          "name": "8148",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8148"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-2861",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
            },
            {
              "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07",
              "refsource": "MISC",
              "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
            },
            {
              "name": "8137",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8137"
            },
            {
              "name": "8148",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8148"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-2861",
    "datePublished": "2010-08-11T18:00:00.000Z",
    "dateReserved": "2010-07-27T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:51.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2010-2861",
      "cwes": "[\"CWE-22\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-2861",
      "product": "ColdFusion",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-04-15",
      "cisaExploitAdd": "2022-03-25",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0.1\", \"matchCriteriaId\": \"11239F7E-1C10-4F9C-BBFE-560094EA358A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de salto de directorio en la consola del administrador en ColdFusion de  Adobe versi\\u00f3n 9.0.1 y anteriores, permiten a los atacantes remotos leer archivos arbitrarios por medio del par\\u00e1metro locale en los archivos (1) CFIDE/administrador/configuraci\\u00f3n/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm y (5) enter.cfm en CFIDE/administrador/.\"}]",
      "evaluatorImpact": "We have calculated the CVSS score based on information provided via the following reference links:\r\n\r\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07.\r\nhttp://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
      "id": "CVE-2010-2861",
      "lastModified": "2024-12-19T18:00:44.410",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2010-08-11T18:47:51.157",
      "references": "[{\"url\": \"http://securityreason.com/securityalert/8137\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securityreason.com/securityalert/8148\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securityreason.com/securityalert/8137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securityreason.com/securityalert/8148\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2861\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-08-11T18:47:51.157\",\"lastModified\":\"2025-10-22T01:15:37.297\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de salto de directorio en la consola del administrador en ColdFusion de  Adobe versi\u00f3n 9.0.1 y anteriores, permiten a los atacantes remotos leer archivos arbitrarios por medio del par\u00e1metro locale en los archivos (1) CFIDE/administrador/configuraci\u00f3n/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm y (5) enter.cfm en CFIDE/administrador/.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Adobe ColdFusion Directory Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.1\",\"matchCriteriaId\":\"11239F7E-1C10-4F9C-BBFE-560094EA358A\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/8137\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8148\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-18.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-18.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}],\"evaluatorImpact\":\"We have calculated the CVSS score based on information provided via the following reference links:\\r\\n\\r\\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07.\\r\\nhttp://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\"}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8137\", \"name\": \"8137\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}, {\"url\": \"http://securityreason.com/securityalert/8148\", \"name\": \"8148\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T02:46:48.523Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-2861\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:40:45.675706Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00+00:00\", \"value\": \"CVE-2010-2861 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:40:53.904Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2010-08-10T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://securityreason.com/securityalert/8137\", \"name\": \"8137\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}, {\"url\": \"http://securityreason.com/securityalert/8148\", \"name\": \"8148\", \"tags\": [\"third-party-advisory\", \"x_refsource_SREASON\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2010-08-24T09:00:00.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"name\": \"http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"name\": \"http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb10-18.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://securityreason.com/securityalert/8137\", \"name\": \"8137\", \"refsource\": \"SREASON\"}, {\"url\": \"http://securityreason.com/securityalert/8148\", \"name\": \"8148\", \"refsource\": \"SREASON\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2010-2861\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2010-2861\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:51.755Z\", \"dateReserved\": \"2010-07-27T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2010-08-11T18:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2010-2861

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2861

Aliases

CVE-2010-2861

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2861",
    "description": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.",
    "id": "GSD-2010-2861",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-2861"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2861"
      ],
      "details": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.",
      "id": "GSD-2010-2861",
      "modified": "2023-12-13T01:21:31.271559Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2010-2861",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "product": "ColdFusion",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-2861",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
          },
          {
            "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07",
            "refsource": "MISC",
            "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
          },
          {
            "name": "8137",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8137"
          },
          {
            "name": "8148",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8148"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-2861"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-18.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
            },
            {
              "name": "8148",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8148"
            },
            {
              "name": "8137",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8137"
            },
            {
              "name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
            },
            {
              "name": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-09-24T03:39Z",
      "publishedDate": "2010-08-11T18:47Z"
    }
  }
}

FKIE_CVE-2010-2861

Vulnerability from fkie_nvd - Published: 2010-08-11 18:47 - Updated: 2025-10-22 01:15

CISA KEV

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://securityreason.com/securityalert/8137	Broken Link
psirt@adobe.com	http://securityreason.com/securityalert/8148	Broken Link
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-18.html	Not Applicable, Vendor Advisory
psirt@adobe.com	http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/	Exploit
psirt@adobe.com	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8137	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8148	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-18.html	Not Applicable, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861

Impacted products

	Vendor	Product	Version
	adobe	coldfusion	*

JSON

To clipboard

{
  "cisaActionDue": "2022-04-15",
  "cisaExploitAdd": "2022-03-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11239F7E-1C10-4F9C-BBFE-560094EA358A",
              "versionEndIncluding": "9.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en la consola del administrador en ColdFusion de  Adobe versi\u00f3n 9.0.1 y anteriores, permiten a los atacantes remotos leer archivos arbitrarios por medio del par\u00e1metro locale en los archivos (1) CFIDE/administrador/configuraci\u00f3n/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm y (5) enter.cfm en CFIDE/administrador/."
    }
  ],
  "evaluatorImpact": "We have calculated the CVSS score based on information provided via the following reference links:\r\n\r\nhttp://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07.\r\nhttp://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/",
  "id": "CVE-2010-2861",
  "lastModified": "2025-10-22T01:15:37.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2010-08-11T18:47:51.157",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/8137"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/8148"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/8137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/8148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTA-2010-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans ColdFusion permet à un utilisateur malveillant de porter atteinte à la confidentialité des données.

Description

Une vulnérabilité dans ColdFusion permet à un utilisateur malveillant de parcourir l'arborescence des fichiers au-delà de ce qui lui est autorisé (directory traversal). Il peut accéder sans droit légitime à des informations sensibles.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

ColdFusion, version 9.0.1 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-18 du 10 août 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eColdFusion, version 9.0.1 et versions  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans ColdFusion permet \u00e0 un utilisateur malveillant de\nparcourir l\u0027arborescence des fichiers au-del\u00e0 de ce qui lui est autoris\u00e9\n(directory traversal). Il peut acc\u00e9der sans droit l\u00e9gitime \u00e0 des\ninformations sensibles.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2861"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-378",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ColdFusion permet \u00e0 un utilisateur malveillant de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ColdFusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-18 du 10 ao\u00fbt 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
    }
  ]
}

CERTA-2010-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans ColdFusion permet à un utilisateur malveillant de porter atteinte à la confidentialité des données.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

ColdFusion, version 9.0.1 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB10-18 du 10 août 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eColdFusion, version 9.0.1 et versions  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans ColdFusion permet \u00e0 un utilisateur malveillant de\nparcourir l\u0027arborescence des fichiers au-del\u00e0 de ce qui lui est autoris\u00e9\n(directory traversal). Il peut acc\u00e9der sans droit l\u00e9gitime \u00e0 des\ninformations sensibles.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2861"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-378",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ColdFusion permet \u00e0 un utilisateur malveillant de\nporter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ColdFusion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB10-18 du 10 ao\u00fbt 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
    }
  ]
}

GHSA-X38C-XQ6C-937H

Vulnerability from github – Published: 2022-05-17 05:04 – Updated: 2025-10-22 03:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-11T18:47:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.",
  "id": "GHSA-x38c-xq6c-937h",
  "modified": "2025-10-22T03:30:28Z",
  "published": "2022-05-17T05:04:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2861"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-2861"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8137"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8148"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861"
    },
    {
      "type": "WEB",
      "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2861 (GCVE-0-2010-2861)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

GSD-2010-2861

FKIE_CVE-2010-2861

CERTA-2010-AVI-378

Description

Solution

CERTA-2010-AVI-378

Description

Solution

GHSA-X38C-XQ6C-937H

Tags

Sightings

Nomenclature