Vulnerability Details : CVE-2003-1469
Potential exploit
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Vulnerability category: Information leak
Products affected by CVE-2003-1469
- cpe:2.3:a:macromedia:coldfusion:*:*:developer:*:*:*:*:*When used together with: Microsoft » Windows 2000When used together with: Microsoft » Windows NtWhen used together with: Microsoft » Windows Xp
- cpe:2.3:a:macromedia:coldfusion:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows 2000When used together with: Microsoft » Windows NtWhen used together with: Microsoft » Windows Xp
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows 2000When used together with: Microsoft » Windows NtWhen used together with: Microsoft » Windows Xp
- cpe:2.3:a:macromedia:coldfusion_professional:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows 2000When used together with: Microsoft » Windows NtWhen used together with: Microsoft » Windows Xp
Exploit prediction scoring system (EPSS) score for CVE-2003-1469
3.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-1469
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2003-1469
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-1469
Jump to