FKIE_CVE-2010-0185

Vulnerability from fkie_nvd - Published: 2010-02-03 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
References
psirt@adobe.comhttp://kb2.adobe.com/cps/807/cpsid_80719.html
psirt@adobe.comhttp://osvdb.org/62037
psirt@adobe.comhttp://secunia.com/advisories/38387Vendor Advisory
psirt@adobe.comhttp://www.adobe.com/support/security/bulletins/apsb10-04.htmlVendor Advisory
psirt@adobe.comhttp://www.securityfocus.com/bid/38007
psirt@adobe.comhttp://www.securitytracker.com/id?1023519
psirt@adobe.comhttp://www.vupen.com/english/advisories/2010/0259Vendor Advisory
psirt@adobe.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/55997
af854a3a-2127-422b-91ae-364da2661108http://kb2.adobe.com/cps/807/cpsid_80719.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/62037
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38387Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb10-04.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38007
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023519
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0259Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
Impacted products
Vendor Product Version
adobe coldfusion 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113431FB-E4BE-4416-800C-6B13AD1C0E92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto en Adobe ColdFusion v9.0 no limita el acceso a las colecciones que han sido creadas mediante el servicio Solr, lo que permite a atacantes remotos conseguir informaci\u00f3n de los metadatos, de b\u00fasquedas, y datos del indice a trav\u00e9s de una petici\u00f3n a una URL sin especificar."
    }
  ],
  "id": "CVE-2010-0185",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-03T18:30:00.610",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://osvdb.org/62037"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38387"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/38007"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1023519"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0259"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb2.adobe.com/cps/807/cpsid_80719.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/62037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55997"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.