CVE-2002-0576

Name of the Vulnerable Software and Affected Versions ColdFusion versions 5.0 and earlier

Description The issue allows remote attackers to determine the absolute pathname of certain files, such as .cfm or .dbm files, on Windows systems. This is achieved through an HTTP request containing an MS-DOS device name, like NUL, which results in the pathname being leaked in an error message.

Recommendations For ColdFusion versions 5.0 and earlier, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using MS-DOS device names in HTTP requests to prevent pathname leakage.