Vulnerability Details : CVE-2010-5290
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
Exploit prediction scoring system (EPSS) score for CVE-2010-5290
Probability of exploitation activity in the next 30 days: 0.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-5290
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-5290
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-5290
-
http://qualys.immunityinc.com/home/exploitpack/CANVAS/CF_directory_traversal
Immunity, Inc.
-
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
ColdFusion directory traversal FAQ (CVE-2010-2861)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/87740
Adobe ColdFusion authentication process privilege escalation CVE-2010-5290 Vulnerability Report
Products affected by CVE-2010-5290
- cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*