// For flags

CVE-2011-0737

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure

** DISPUTADA ** Adobe ColdFusion 9.0.1 CHF1 y anteriores permite a atacantes remotos obtener información sensible a través de una consulta id=- a un fichero .cfm, lo que revela la ruta de instalación en un mensaje de error. NOTA: El proveedor disputa el significado de este problema porque las secciones Site-wide Error Handler y Debug Output Settings de la guía ColdFusion Lockdown explican el requisito para las configuraciones que evitan la divulgación de esta información.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2011-02-01 CVE Reserved
  • 2011-02-01 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
<= 9.0.1
Search vendor "Adobe" for product "Coldfusion" and version " <= 9.0.1"
chf1
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
4.5
Search vendor "Adobe" for product "Coldfusion" and version "4.5"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
5.0
Search vendor "Adobe" for product "Coldfusion" and version "5.0"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
6.0
Search vendor "Adobe" for product "Coldfusion" and version "6.0"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
6.1
Search vendor "Adobe" for product "Coldfusion" and version "6.1"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
7.0
Search vendor "Adobe" for product "Coldfusion" and version "7.0"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
7.0.1
Search vendor "Adobe" for product "Coldfusion" and version "7.0.1"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
7.0.2
Search vendor "Adobe" for product "Coldfusion" and version "7.0.2"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
8.0
Search vendor "Adobe" for product "Coldfusion" and version "8.0"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
8.0.1
Search vendor "Adobe" for product "Coldfusion" and version "8.0.1"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
8.1
Search vendor "Adobe" for product "Coldfusion" and version "8.1"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
9.0
Search vendor "Adobe" for product "Coldfusion" and version "9.0"
-
Affected
Adobe
Search vendor "Adobe"
Coldfusion
Search vendor "Adobe" for product "Coldfusion"
9.0.1
Search vendor "Adobe" for product "Coldfusion" and version "9.0.1"
-
Affected