Adobe ColdFusion 10 before Update 11 allows remote malicious users to call ColdFusion Components (CFC) public methods via WebSockets.
adobe coldfusion 10.0