CVE-2006-6482

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion MX7

Description The issue allows remote attackers to obtain sensitive information. This can be achieved through a URL request for a non-existent file, such as a JWS, CFM, CFML, or CFC file, which displays the installation path in the resulting error message. Additionally, accessing /CFIDE/administrator/login.cfm without a host can reveal the server's internal IP address in an HREF tag.

Recommendations For Adobe ColdFusion MX7, consider restricting access to the /CFIDE/administrator/login.cfm endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the error messages that reveal sensitive information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.