CVE-2010-0185 Information

Description

The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service which allows remote attackers to obtain collection metadata search information and index data via a request to an unspecified URL.

Reference

http://kb2.adobe.com/cps/807/cpsid_80719.html http://osvdb.org/62037 http://secunia.com/advisories/38387 http://www.adobe.com/support/security/bulletins/apsb10-04.html http://www.securityfocus.com/bid/38007 http://www.securitytracker.com/id?1023519 http://www.vupen.com/english/advisories/2010/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/55997