Vulnerability   
Search   
    Search 210752 CVE descriptions
and 93608 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11393
Category:CGI abuses
Title:ColdFusion Path Disclosure
Summary:NOSUMMARY
Description:Description:

It is possible to make the remote web server
disclose the physical path to its web root by
requesting a MS-DOS device ending in .dbm (as
in nul.dbm).

Solution :
The vendor suggests turning on 'Check that file exists' :

Windows 2000:
1. Open the Management console
2. Click on 'Internet Information Services'
3. Right-click on the website and select 'Properties'
4. Select 'Home Directory'
5. Click on 'Configuration'
6. Select '.cfm'
7. Click on 'Edit'
8. Make sure 'Check that file exists' is checked
9. Do the same for '.dbm'

Risk factor : Low

Cross-Ref: BugTraq ID: 4542
Common Vulnerability Exposure (CVE) ID: CVE-2002-0576
http://www.securityfocus.com/bid/4542
Bugtraq: 20020418 KPMG-2002013: Coldfusion Path Disclosure (Google Search)
http://online.securityfocus.com/archive/1/268263
http://www.osvdb.org/3337
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
http://www.iss.net/security_center/static/8866.php
CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 93608 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.