Short Name | APP:ADOBE-CF-DIR-TRAV |
---|---|
Severity | Critical |
Recommended | No |
Recommended Action | Drop |
Category | APP |
Keywords | Adobe ColdFusion Directory Traversal |
Release Date | 2010/09/27 |
Update Number | 1780 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects an attempt to exploit a known directory traversal vulnerability in Adobe ColdFusion. The vulnerability is due to a design weakness in the ColdFusion administration console, which fails to properly sanitize input passed to the admin page. Remote unauthenticated attackers can exploit it to retrieve arbitrary files from the target system through directory traversal, including the password file for the ColdFusion administration console. With this password file, an attacker can upload and execute arbitrary ColdFusion code within the security context of System.
Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.