PT-2003-2414 · Adobe · Coldfusion Mx

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1469

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ColdFusion MX (affected versions not specified)

Description The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected. This setting allows remote attackers to obtain the full path of the web server via a direct request to "CFIDE/probe.cfm". The error message returned by this request leaks the path.

Recommendations For ColdFusion MX, consider disabling the "Enable Robust Exception Information" option to prevent the leakage of the web server's full path. As a temporary workaround, restrict access to "CFIDE/probe.cfm" to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2003-1469

Affected Products

Coldfusion Mx

PT-2003-2414 · Adobe · Coldfusion Mx

CVE-2003-1469

Weakness Enumeration

Related Identifiers

Affected Products

References · 7