PT-2005-3386 · Adobe · Coldfusion Fusebox
N.N.P · Published 2005-08-05 · Updated 2016-10-18 · CVE-2005-2481
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ColdFusion Fusebox version 4.1.0
Description
The issue allows remote attackers to obtain sensitive information via an invalid fuseaction parameter. An invalid value, for example one containing the "?" (question mark) character, produces an error message that leaks the full server path.
Recommendations
For ColdFusion Fusebox version 4.1.0, consider restricting access to the fuseaction parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using invalid characters in the fuseaction parameter to prevent error messages that could leak sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
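One way to apply the restriction above in a proxy or middleware layer in front of the application, as an added example that is not part of the original advisory or of Fusebox itself. It assumes legitimate fuseaction values take the `circuit.action` form and that the filter can see the query string and the response body; the function names, the generic error text and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate values look like "circuit.action" (letters, digits, underscore).
FUSEACTION_RE = re.compile(r"[A-Za-z0-9_]{1,64}\.[A-Za-z0-9_]{1,64}")
# Absolute filesystem paths (Windows drive, UNC share, common Unix roots) in a body.
PATH_RE = re.compile(
    r"(?:[A-Za-z]:\\|\\\\[\w.$-]+\\)[^\s<>\"']+"
    r"|/(?:var|opt|home|usr|srv|www|inetpub)/[^\s<>\"']+"
)
GENERIC_ERROR = "The requested page could not be processed."


def check_fuseaction(query_string):
    """Return (allowed, reason) for a raw query string."""
    params = parse_qs(query_string, keep_blank_values=True)
    # ColdFusion treats URL parameter names case-insensitively, so collect all spellings.
    values = [v for k, vs in params.items() if k.lower() == "fuseaction" for v in vs]
    if not values:
        return True, "no fuseaction; application default applies"
    if len(values) > 1:
        return False, "duplicate fuseaction parameter"
    if not FUSEACTION_RE.fullmatch(values[0]):
        return False, "fuseaction is not in circuit.action form"
    return True, "ok"


def scrub_error_body(status, body):
    """Swap a server-error body that discloses a filesystem path for a generic message."""
    if status >= 500 and PATH_RE.search(body):
        return GENERIC_ERROR, True
    return body, False


if __name__ == "__main__":
    # Constructed sample requests and a constructed error body.
    for qs in ("fuseaction=home.main", "fuseaction=?", "fuseaction="):
        print(qs, "->", check_fuseaction(qs))
    sample = "Template C:\\Inetpub\\wwwroot\\app\\index.cfm could not be found"
    print(scrub_error_body(500, sample))
```

Rejected requests should receive the same generic error text, and the second function is worth keeping as a backstop because other inputs may reach the same error handler.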
Affected Products
Coldfusion Fusebox