Vulnerability Details CVE-2003-1469
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://securityreason.com/securityalert/3307
- http://www.nii.co.in/vuln/pdmac.html
- http://www.securityfocus.com/archive/1/319867
- http://www.securityfocus.com/bid/7443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11879
- http://securityreason.com/securityalert/3307
- http://www.nii.co.in/vuln/pdmac.html
- http://www.securityfocus.com/archive/1/319867
- http://www.securityfocus.com/bid/7443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11879
Products affected by CVE-2003-1469
-
cpe:2.3:a:macromedia:coldfusion:*
-
cpe:2.3:a:macromedia:coldfusion:-
-
cpe:2.3:a:macromedia:coldfusion:2.0
-
cpe:2.3:a:macromedia:coldfusion:3.0
-
cpe:2.3:a:macromedia:coldfusion:3.0.1
-
cpe:2.3:a:macromedia:coldfusion:3.1
-
cpe:2.3:a:macromedia:coldfusion:3.1.1
-
cpe:2.3:a:macromedia:coldfusion:3.1.2
-
cpe:2.3:a:macromedia:coldfusion:4.0
-
cpe:2.3:a:macromedia:coldfusion:4.0.1
-
cpe:2.3:a:macromedia:coldfusion:4.5
-
cpe:2.3:a:macromedia:coldfusion:4.5.1
-
cpe:2.3:a:macromedia:coldfusion:5.0
-
cpe:2.3:a:macromedia:coldfusion:6.0
-
cpe:2.3:a:macromedia:coldfusion:6.1
-
cpe:2.3:a:macromedia:coldfusion:7.0
-
cpe:2.3:a:macromedia:coldfusion:7.02
-
cpe:2.3:a:macromedia:coldfusion_professional:-
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2000:beta3
-
cpe:2.3:o:microsoft:windows_nt:-
-
cpe:2.3:o:microsoft:windows_nt:3.0.1
-
cpe:2.3:o:microsoft:windows_nt:3.1
-
cpe:2.3:o:microsoft:windows_nt:3.5
-
cpe:2.3:o:microsoft:windows_nt:3.5.1
-
cpe:2.3:o:microsoft:windows_nt:3.51
-
cpe:2.3:o:microsoft:windows_nt:4.0
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:sp2
-
cpe:2.3:o:microsoft:windows_xp:sp3
-
cpe:2.3:o:microsoft:windows_xp:unknown