Flaw: ColdFusion app server discloses path

Peter Grundl has discovered a bug in the ColdFusion application server that could be exploited to display the physical path of the Web root directory. The flaw is in the ISAPI filter, which could return the path as part of certain error messages. As a workaround, users should turn on the "Check that file exists" feature for the .cfm and .dbm file types. Vendor site: http://www.coldfusion.com
