ColdFusion directory traversal - Vulnerability Database

ColdFusion directory traversal

Description

Adobe ColdFusion 9.0.1 and earlier versions contain a directory traversal vulnerability (CVE-2010-2861) that allows remote attackers to read arbitrary files from the server. Attackers exploit this flaw by using path traversal sequences (such as '../') in HTTP requests to navigate outside the web application's root directory and access sensitive files, including configuration files, source code, and potentially credentials. This vulnerability requires no authentication and can be exploited remotely over the network.

Remediation

Apply the Adobe Security Bulletin APSB10-18 hotfix immediately to all affected ColdFusion installations (versions 9.0.1 and earlier). Follow these steps:

1. Download the appropriate security hotfix from Adobe's official security bulletin (APSB10-18)
2. Back up your ColdFusion installation and configuration files before applying the patch
3. Stop the ColdFusion service
4. Apply the hotfix according to Adobe's installation instructions (KB article cpsid_85766)
5. Restart the ColdFusion service and verify proper operation
6. Test the fix by attempting directory traversal attacks against your own system
7. Review web server and application logs for any signs of previous exploitation

As an additional security measure, implement input validation to reject requests containing path traversal sequences ('../', '..\', URL-encoded variants) and restrict file access to only necessary directories using proper access controls.
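The log review in step 7 and the input-validation measure above can both be exercised with the following script. It is an added example written for this entry, not code from Invicti or Adobe: the access-log lines are constructed, the web root `/opt/coldfusion/wwwroot` is an assumed location, and the functions show how decoded traversal sequences (including double-encoded and backslash forms) are flagged in logs and how a supplied path is confined to the web root before use.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed Apache-style access-log lines (not real traffic); two carry traversal attempts.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Aug/2010:10:01:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123
10.0.0.7 - - [10/Aug/2010:10:02:15 +0000] "GET /index.cfm?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1892
10.0.0.9 - - [10/Aug/2010:10:03:44 +0000] "GET /index.cfm?page=%252e%252e%255cconfig HTTP/1.1" 200 402
10.0.0.5 - - [10/Aug/2010:10:04:10 +0000] "GET /about.cfm HTTP/1.1" 200 3301
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# A ".." segment bounded by a path or query delimiter, checked after decoding and slash normalisation.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:[/?&]|$)')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so double encoding (%252e) is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """Detect a '..' segment in a request target, tolerating URL encoding and backslashes."""
    normalized = fully_decode(value).replace("\\", "/")
    return TRAVERSAL_RE.search(normalized) is not None


def find_traversal_requests(log_text: str) -> list:
    """Return (client, target, status) for each logged request that carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match is None:
            continue  # skip lines that are not in common log format
        client, _method, target, status = match.groups()
        if has_traversal(target):
            hits.append((client, target, int(status)))
    return hits


def is_confined(requested: str, web_root: str = "/opt/coldfusion/wwwroot") -> bool:
    """Server-side gate: resolve the client path under web_root (an assumed location) and confirm it stays there. Lexical only; symlinks are not followed."""
    cleaned = fully_decode(requested).replace("\\", "/").lstrip("/")
    resolved = posixpath.normpath(posixpath.join(web_root, cleaned))
    return resolved == web_root or resolved.startswith(web_root + "/")
```

Requests that match in the log and returned HTTP 200 deserve the closest attention, since a 200 on a traversal target suggests the file was actually served.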
