CVE-2005-4389

Name of the Vulnerable Software and Affected Versions CONTENS versions 3.0 and earlier

Description The issue allows remote attackers to obtain the full server path via invalid parameters. Specifically, the affected parameters are submit.y, bool, itemsperpage, submit, submit.x, criteria, advanced, and intern.

Recommendations For CONTENS versions 3.0 and earlier, as a temporary workaround, consider restricting access to the "search.cfm" page until a patch is available. Avoid using the parameters submit.y, bool, itemsperpage, submit, submit.x, criteria, advanced, and intern in the affected page until the issue is resolved.