Accessibility
Adobe
Sign in Privacy My Adobe

Security bulletin

Solution available for potential ColdFusion information disclosure issue

Release date: January 29, 2010

Vulnerability identifier: APSB10-04

CVE number: CVE-2010-0185

Platform: All

Summary

An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installations using the instructions provided below.

Affected software versions

ColdFusion 9.0

Solution

Adobe recommends affected ColdFusion customers update their installation using the instructions below:

http://kb2.adobe.com/cps/807/cpsid_80719.html

Severity rating

Adobe categorizes this as an important issue and recommends that users update their product installations.

Details

An important vulnerability (CVE-2010-0185) has been identified in ColdFusion 9.0, which could allow access to collections created by the Solr Service to be accessed from any external machine using a specific URL. By accessing the ColdFusion Solr collections, a user could search and index the information contained in the collections. Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installations using the instructions provided above.

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Antero Ortiz (CVE-2010-0185)