First published: Tue Feb 01 2011(Updated: )
** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | =7.0.2 | |
Adobe ColdFusion | =8.0 | |
Adobe ColdFusion | =9.0 | |
Adobe ColdFusion | =6.0 | |
Adobe ColdFusion | =7.0 | |
Adobe ColdFusion | =5.0 | |
Adobe ColdFusion | =6.1 | |
Adobe ColdFusion | =7.0.1 | |
Adobe ColdFusion | =8.0.1 | |
Adobe ColdFusion | <=9.0.1 | |
Adobe ColdFusion | =8.1 | |
Adobe ColdFusion | =9.0.1 | |
Adobe ColdFusion | =4.5 | |
<=9.0.1 | ||
=4.5 | ||
=5.0 | ||
=6.0 | ||
=6.1 | ||
=7.0 | ||
=7.0.1 | ||
=7.0.2 | ||
=8.0 | ||
=8.0.1 | ||
=8.1 | ||
=9.0 | ||
=9.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.