DISPUTED Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure.
CPE | Name | Operator | Version |
---|---|---|---|
coldfusion | eq | 7.0.2 | |
coldfusion | eq | 8.0 | |
coldfusion | eq | 9.0 | |
coldfusion | eq | 6.0 | |
coldfusion | eq | 7.0 | |
coldfusion | eq | 5.0 | |
coldfusion | eq | 6.1 | |
coldfusion | eq | 7.0.1 | |
coldfusion | eq | 8.0.1 | |
coldfusion | le | 9.0.1 |