Allaire: >> Coldfusion Server >> 5.0 Security Vulnerabilities
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
CVSS Score
5.0
EPSS Score
0.011
Published
2002-06-18