Description

ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.

Remediation

Disable RDS Service in the ColdFusion Administrator.

References

Remote Development Service

Related Vulnerabilities

Apache Tomcat version older than 6.0.36

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.27)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration