2 results (0.009 seconds)

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22544 http://securityreason.com/securityalert/3307 http://www.nii.co.in/vuln/pdmac.html http://www.securityfocus.com/archive/1/319867 http://www.securityfocus.com/bid/7443 https://exchange.xforce.ibmcloud.com/vulnerabilities/11879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. • http://www.iss.net/security_center/static/9460.php http://www.macromedia.com/v1/handlers/index.cfm?ID=23161 http://www.securityfocus.com/bid/5121 •