CVE-2010-5290 Information

Description

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file a different vulnerability than CVE-2010-2861.

Reference

http://osvdb.org/97553 http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ https://exchange.xforce.ibmcloud.com/vulnerabilities/87740