CVE

Id
42769  
CVE No.
CVE-2010-0185  
Status
Candidate  
Description
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.  
Phase
Assigned (20100106)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
466412 42769 CVE-2010-0185 CONFIRM:http://kb2.adobe.com/cps/807/cpsid_80719.html  View
466413 42769 CVE-2010-0185 CONFIRM:http://www.adobe.com/support/security/bulletins/apsb10-04.html  View
466414 42769 CVE-2010-0185 BID:38007  View
466415 42769 CVE-2010-0185 URL:http://www.securityfocus.com/bid/38007  View
466416 42769 CVE-2010-0185 OSVDB:62037  View
466417 42769 CVE-2010-0185 URL:http://osvdb.org/62037  View
466418 42769 CVE-2010-0185 SECTRACK:1023519  View
466419 42769 CVE-2010-0185 URL:http://www.securitytracker.com/id?1023519  View
466420 42769 CVE-2010-0185 SECUNIA:38387  View
466421 42769 CVE-2010-0185 URL:http://secunia.com/advisories/38387  View
466422 42769 CVE-2010-0185 VUPEN:ADV-2010-0259  View
466423 42769 CVE-2010-0185 URL:http://www.vupen.com/english/advisories/2010/0259  View
466424 42769 CVE-2010-0185 XF:coldfusion-solr-information-disclosure(55997)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
35365 JVNDB-2010-001145 Adobe Download Manager における任意のプログラムをダウンロードおよびインストールされる脆弱性 Adobe Download Manager で使用される NOS Microsystems getPlus Download Manager の ActiveX control には、サブドメインがないウェブサイトのリクエストの処理に不備があるため、任意のプログラムをダウンロードおよびインストールされる脆弱性が存在します。 CVE-2010-0189 42769 10 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001145.html  View