Dailydave mailing list archives
ColdFusion Directory Traversal FAQ (CVE-2010-2861)
From: "Adrian P." <ap () gnucitizen org>
Date: Fri, 13 Aug 2010 18:29:13 +0200
Hi guys, I wrote an FAQ attempting to illustrate why I think that Adobe should have rated the new directory traversal bug as 'Critical' rather than 'Important'. This vulnerability, which was discovered by Richard Brain, can result in remote command execution with SYSTEM privileges on Windows servers. A real attack walk-through on how to accomplish this has been included in the FAQ, along with solutions and mitigating factors: http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ IMHO, this is one of the most serious web security bugs since CVE-2009-1151 for which I created the first public POC (the bug was actually discovered by Greg Ose). This CF vulnerability, has all the ingredients for a serious bug: - It affects a relatively popular corporate product - The affected component (ColdFusion web admin console) is often Internet-facing - No authentication is required to exploit the vulnerability - Commands can be run remotely with SYSTEM privileges, which means that the underlying OS can be fully compromised Regards, ap -- pagvac | GNUCITIZEN.org PGP Key ID: 0x6B232C7C _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ColdFusion Directory Traversal FAQ (CVE-2010-2861) Adrian P. (Aug 13)