The ColdFusion directory traversal vulnerability has been classified by Adobe as important rather than critical, and I agree with A.P. (Adrian P. of GnuCitizen) that this is a mistake. Here’s why I think this is a big mistake … on top of the excellent analysis Adrian has already done (check his excellent post here) I think it’s relevent to do a little digging yourself to understand the full scope of the potential problem.
This post is worth reading.
Here is the link.