Vulnerability Details : CVE-2010-0185
The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which allows remote attackers to obtain collection metadata, search information, and index data via a request to an unspecified URL.
Exploit prediction scoring system (EPSS) score for CVE-2010-0185
Probability of exploitation activity in the next 30 days: 0.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
CVSS scores for CVE-2010-0185
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-0185
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0185
- http://www.vupen.com/english/advisories/2010/0259
  Webmail | OVH- OVH (Vendor Advisory)
- http://www.adobe.com/support/security/bulletins/apsb10-04.html
  Adobe - Security Bulletins: APSB10-04 Solution available for potential ColdFusion information disclosure issue (Vendor Advisory)
- http://www.securitytracker.com/id?1023519
  Adobe ColdFusion Discloses Solr Service Collections to Remote Users - SecurityTracker
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55997
  Adobe ColdFusion Solr Service information disclosure CVE-2010-0185 Vulnerability Report
- http://kb2.adobe.com/cps/807/cpsid_80719.html
  ColdFusion 9: Limit access to the Solr collections
- http://www.securityfocus.com/bid/38007
  Adobe ColdFusion Solr Service Information Disclosure Vulnerability
Products affected by CVE-2010-0185
- cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*