Adobe ColdFusion 9.0.1 CHF1 and previous versions, when a web application is configured to use a DBMS, allows remote malicious users to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 7.0.2 |
||
adobe coldfusion 8.0 |
||
adobe coldfusion 9.0 |
||
adobe coldfusion 6.0 |
||
adobe coldfusion 7.0 |
||
adobe coldfusion 5.0 |
||
adobe coldfusion 6.1 |
||
adobe coldfusion 7.0.1 |
||
adobe coldfusion 8.0.1 |
||
adobe coldfusion |
||
adobe coldfusion 8.1 |
||
adobe coldfusion 9.0.1 |
||
adobe coldfusion 4.5 |