CVE-2010-2861 Information

Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm (2) logging/settings.cfm (3) datasources/index.cfm (4) j2eepackaging/editarchive.cfm and (5) enter.cfm in CFIDE/administrator/.

Reference

http://securityreason.com/securityalert/8137 http://securityreason.com/securityalert/8148 http://www.adobe.com/support/security/bulletins/apsb10-18.html http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07