Adobe ColdFusion 'locale' Parameter Directory Traversal

high Nessus Plugin ID 48340

Synopsis

An application running on the remote web server is affected by a directory traversal vulnerability.

Description

The version of Adobe ColdFusion running on the remote host is affected by a directory traversal vulnerability in the administrative web interface. Input to the 'locale' parameter of multiple pages is not properly sanitized.

A remote, unauthenticated attacker can exploit this by sending specially crafted HTTP requests, allowing them to download arbitrary files from the system.

An attacker could use this to download the ColdFusion password file (which contains the admin password), thereby gaining access to the administrative web interface. Authenticated administrative access can result in arbitrary code execution.

Solution

Apply the hotfix referenced in Adobe's advisory.

See Also

http://www.nessus.org/u?eab312a6

http://www.nessus.org/u?552e9e62

https://www.adobe.com/support/security/bulletins/apsb10-18.html

http://www.nessus.org/u?bea698e8

Plugin Details

Severity: High

ID: 48340

File Name: coldfusion_locale_dir_traversal.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 8/16/2010

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2010-2861

Vulnerability Information

CPE: cpe:/a:adobe:coldfusion

Required KB Items: installed_sw/ColdFusion

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 8/10/2010

Vulnerability Publication Date: 8/10/2010

CISA Known Exploited Vulnerability Due Dates: 4/15/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2010-2861

BID: 42342