Vulnerability Details CVE-2010-0185
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 89.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://kb2.adobe.com/cps/807/cpsid_80719.html
- http://osvdb.org/62037
- http://secunia.com/advisories/38387
- http://www.adobe.com/support/security/bulletins/apsb10-04.html
- http://www.securityfocus.com/bid/38007
- http://www.securitytracker.com/id?1023519
- http://www.vupen.com/english/advisories/2010/0259
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
- http://kb2.adobe.com/cps/807/cpsid_80719.html
- http://osvdb.org/62037
- http://secunia.com/advisories/38387
- http://www.adobe.com/support/security/bulletins/apsb10-04.html
- http://www.securityfocus.com/bid/38007
- http://www.securitytracker.com/id?1023519
- http://www.vupen.com/english/advisories/2010/0259
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
Products affected by CVE-2010-0185
-
cpe:2.3:a:adobe:coldfusion:9.0