Flaw: ColdFusion app server discloses path

Peter Grundl has discovered a bug in the ColdFusion application server that could be exploited to display the physical path of the Web root directory. The flaw is in the ISAPI filter, which could return the path as part of certain error messages. As a workaround, users should turn on the "Check that file exists" feature for .cfm and .dbm file types. Vendor site: http://www.coldfusion.com
