CVE-2011-0737
Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosureEnginsight
Vendor | Product | Version |
---|---|---|
adobe | coldfusion | 𝑥 ≤ 9.0.1 |
adobe | coldfusion | 4.5 |
adobe | coldfusion | 5.0 |
adobe | coldfusion | 6.0 |
adobe | coldfusion | 6.1 |
adobe | coldfusion | 7.0 |
adobe | coldfusion | 7.0.1 |
adobe | coldfusion | 7.0.2 |
adobe | coldfusion | 8.0 |
adobe | coldfusion | 8.0.1 |
adobe | coldfusion | 8.1 |
adobe | coldfusion | 9.0 |
adobe | coldfusion | 9.0.1 |