Adobe » ColdFusion » 6.1 : Security Vulnerabilities, CVEs, Published In 2011 (Information Leak)
Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure.
Max CVSS: 5.0 | EPSS Score: 0.65% | Published: 2011-02-01 | Updated: 2024-04-11
Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure.
Max CVSS: 4.3 | EPSS Score: 0.81% | Published: 2011-02-01 | Updated: 2024-04-11
2 vulnerabilities found