CVE-2011-0737
MEDIUMAdobe ColdFusion < 9.0.1 - Information Disclosure via .cfm File Error Message
Title source: llmDescription
Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70781
Exploit x_refsource_misc
http://websecurity.com.ua/4879/
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html
Scores
CVSS v3
5.3
EPSS
0.0278
EPSS Percentile
84.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (13)
adobe/coldfusion
4.5
adobe/coldfusion
5.0
adobe/coldfusion
6.0
adobe/coldfusion
6.1
adobe/coldfusion
7.0
adobe/coldfusion
7.0.1
adobe/coldfusion
7.0.2
adobe/coldfusion
8.0
adobe/coldfusion
8.0.1
adobe/coldfusion
8.1
... and 3 more
Published
Feb 01, 2011
Tracked Since
Feb 18, 2026