Adobe ColdFusion 9.0.1 CHF1 and previous versions allows remote malicious users to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 7.0.2 |
||
adobe coldfusion 8.0 |
||
adobe coldfusion 9.0 |
||
adobe coldfusion 6.0 |
||
adobe coldfusion 7.0 |
||
adobe coldfusion 5.0 |
||
adobe coldfusion 6.1 |
||
adobe coldfusion 7.0.1 |
||
adobe coldfusion 8.0.1 |
||
adobe coldfusion |
||
adobe coldfusion 8.1 |
||
adobe coldfusion 9.0.1 |
||
adobe coldfusion 4.5 |