Vulnerability Description
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | All versions |
| Microsoft | Windows Xp | All versions |
| Macromedia | Coldfusion | All versions |
| Macromedia | Coldfusion Professional | All versions |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3307
- http://www.nii.co.in/vuln/pdmac.html
- http://www.securityfocus.com/archive/1/319867
- http://www.securityfocus.com/bid/7443Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11879
- http://securityreason.com/securityalert/3307
- http://www.nii.co.in/vuln/pdmac.html
- http://www.securityfocus.com/archive/1/319867
- http://www.securityfocus.com/bid/7443Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11879
FAQ
What is CVE-2003-1469?
CVE-2003-1469 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request t...
How severe is CVE-2003-1469?
CVE-2003-1469 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1469?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt, Microsoft Windows Xp, Macromedia Coldfusion, Macromedia Coldfusion Professional.