CVE-2011-0736
MEDIUMAdobe ColdFusion < 9.0.1 - Unauthenticated Exposure of Sensitive Database Information via .cfm Query
Title source: llmDescription
Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70780
Exploit x_refsource_misc
http://websecurity.com.ua/4879/
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html
Scores
CVSS v3
5.3
EPSS
0.0272
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (13)
adobe/coldfusion
4.5
adobe/coldfusion
5.0
adobe/coldfusion
6.0
adobe/coldfusion
6.1
adobe/coldfusion
7.0
adobe/coldfusion
7.0.1
adobe/coldfusion
7.0.2
adobe/coldfusion
8.0
adobe/coldfusion
8.0.1
adobe/coldfusion
8.1
... and 3 more
Published
Feb 01, 2011
Tracked Since
Feb 18, 2026