| VID | 21016 |
| Severity | 20 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The ColdFusion package ships with several sample applications. One of these sample programs, fileexists.cfm, can be used to remotely confirm the existence of arbitrary files. This information could be used by an attacker to pinpoint further attacks. |
| Recommendation | Install the Cold Fusion 4.0.1 Update from the Allaire web site. See References. It is recommended that users remove the fileexists.cfm program from all production servers. |
| Related URL | CVE-1999-0923 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 1743 (ISS) |