Описание
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 9.0.2 (включая)
Одно из
cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01616
Низкий
10 Critical
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
EPSS
Процентиль: 81%
0.01616
Низкий
10 Critical
CVSS2
Дефекты
CWE-255