| VID |
22027 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The ColdFusion Server has an information disclosure vulnerability. It is possible to see the ColdFusion Debug Information by appending '?Mode=debug' at the end of the request (like GET /index.cfm?Mode=debug).
4.5 and 5.0 versions or prior of ColdFusion are vulnerable. The Debug Information usually contain sensitive data such as Template Path or Server Version.
* References:
http://www.kb.cert.org/vuls/id/913704
http://www.iss.net/security_center/static/6792.php
http://cgi.nessus.org/plugins/dump.php3?id=10039 |
| Recommendation |
Enter a IP (e.g. 127.0.0.1) in the Debug Settings within the ColdFusion Admin. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
