Path Disclosure Vulnerability in ColdFusion MX Server

May 02, 2003

A vulnerability in Macromedia Coldfusion MX Server's default installation can result in the inadvertent disclosure of the physical path of the server installation. In a default installation, the Enable Robust Exception Information setting is enabled under Debugging Settings. According to Macromedia, this setting should be cleared on production systems.

(Thanks to Chris Montgomery for sending us this article!)

Copy This Article's Url To Clipboard

Latest ColdFusion Talk (CF-Talk)

CF8 enterprise, CF8 Standard, CF7 Standard on same computer?
Installing CF8 on a server with dot net / asp net
Hi everyone
cfgrid bind component path not working
Auto-append params
rematchnocase not working
CFHTTP call in CFC, returning content fails
Trying to use cfexecute to run batch file
extracting numbers from a string
CFC and MG2 where does validation fit in?

Latest ColdFusion Jobs (CF-Jobs)

ColdFusion Positions Houston, TX and Greenville, SC
Coldfusion Web Developer - Natick, MA
Need Remote LAMP or WIMP or ColdFusion Work
ColdFusion Developers/Arlington, Virginia/Direct
ColdFusion MX Developers Needed in NYC!
Seasoned ColdFusion Developer Available
Available:Sr ColdFusion Developer
Mid Lvl ColdFusion Developer - Phoenix, AZ
ColdFusion Developer - Knoxville, TN
ColdFusion Positions in TX and SC!!! Immediate!

Want a number like 800-ColdFusion?

My Toll Free 800 Number provides a vanity phone number service to clients who want more than just digits. How would you like 800-coldfusion?