The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote malicious users to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia coldfusion 6.0 |
||
macromedia coldfusion_professional |
||
macromedia coldfusion |