Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:ADOBE-CF-DIR-TRAV

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Adobe ColdFusion Directory Traversal

Release Date

 2010/09/27

Update Number

 1780

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Adobe ColdFusion Directory Traversal


This signature detects an attempt to exploit a known directory traversal vulnerability in Adobe ColdFusion. This is due to a design weakness in the ColdFusion administration console that fails to properly sanitize input passed to the admin page. Remote unauthenticated attackers can exploit this to retrieve arbitrary files from the target system through directory traversal, including password file for the ColdFusion administration console. With this password file, an attacker can upload and execute arbitrary ColdFusion code within the security context of System.

Extended Description

Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.

Affected Products

  • Adobe ColdFusion 8.0
  • Adobe ColdFusion 8.0.1
  • Adobe ColdFusion 9.0
  • Adobe ColdFusion 9.0.1

References

  • BugTraq: 42342
  • CVE: CVE-2010-2861

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out