Macromedia ColdFusion MX 6.0 - Error Message Full Path Disclosure

EDB-ID:

22544




Platform:

CFM

Date:

2003-04-26


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/7443/info

A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers.

When certain malformed URL requests are received by the server, an error message is returned containing the full path of the ColdFusion installation.

http://host:8500/CFIDE/probe.cfm