Macromedia ColdFusion MX Path Disclosure Vulnerability Network Vulnerability

Summary

A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests (port 8500) are received by the server, an error message is returned containing the full path of the ColdFusion installation.

Solution

Change the 'Debugging Settings' on the Administrator console of the ColdFusion server. This can be achieved by disabling the 'Enable Robust Exception Information' option.

Severity

Classification

CVE CVE-2003-1469

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Apache Tomcat Directory Listing and File disclosure
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities