Info

Disclosure

Jul 01, 2001

Discovery

Unknown

Dates

Exploit

Jul 01, 2001

Solution

Unknown

Description

ColdFusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker appends "?Mode=debug" to any .cfm page, which will disclose the installation path and additional information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Enter a IP (e.g. 127.0.0.1) in the Debug Settings within the ColdFusion Admin.

Products

Macromedia, Inc.	ColdFusion MX	4.5
		5.0

References

Vendor URL: http://www.macromedia.com/software/coldfusion/?promoid=home_prod_cf_082403

Credit

Felix Huber - huberfelixwebtopia.de -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Macromedia, Inc.

ColdFusion MX

References

Credit