CVE-2000-0189

Name of the Vulnerable Software and Affected Versions ColdFusion Server versions 4.x

Description The issue allows remote attackers to determine the real pathname of the server by sending an HTTP request to specific files, such as application.cfm or onrequestend.cfm.

Recommendations For ColdFusion Server version 4.x, consider restricting access to the application.cfm and onrequestend.cfm files to prevent disclosure of the server's real pathname. At the moment, there is no information about a newer version that contains a fix for this vulnerability.