CVE-2010-0185
First published: Wed Feb 03 2010(Updated: )
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1023519
- http://osvdb.org/62037
- http://kb2.adobe.com/cps/807/cpsid_80719.html
- http://www.securityfocus.com/bid/38007
- http://www.adobe.com/support/security/bulletins/apsb10-04.html
- http://www.vupen.com/english/advisories/2010/0259
- http://secunia.com/advisories/38387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
Frequently Asked Questions
What is the severity of CVE-2010-0185?
CVE-2010-0185 has a medium severity level, allowing potential data exposure.
How do I fix CVE-2010-0185?
To fix CVE-2010-0185, you should update Adobe ColdFusion to the latest version that addresses the vulnerability.
What types of data are exposed in CVE-2010-0185?
CVE-2010-0185 can expose collection metadata, search information, and index data.
Can CVE-2010-0185 be exploited remotely?
Yes, CVE-2010-0185 can be exploited by remote attackers without authentication.
Which version of Adobe ColdFusion is affected by CVE-2010-0185?
CVE-2010-0185 specifically affects Adobe ColdFusion version 9.0.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/9.0