Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Adobe ColdFusion 验证过程权限获取漏洞
Vulnerability Description
Adobe ColdFusion是美国奥多比(Adobe)公司的一款动态Web服务器产品,其运行的CFML(ColdFusion Markup Language)是针对Web应用的一种程序设计语言。 Adobe ColdFusion 9.0.2及之前版本中的验证过程中存在安全漏洞,该漏洞源于程序在已知哈希密码情况下,不需要明文密码便可通过验证。上下文相关的攻击者可借助配置文件的读权限,利用该漏洞获取管理员权限。
CVSS Information
N/A
Vulnerability Type
N/A