ColdFusion Debug Mode Information Disclosure

medium Nessus Plugin ID 10797

Synopsis

The remote web server is hosting a CGI application that is affected by an information disclosure vulnerability.

Description

It is possible to view the ColdFusion debug information by appending '?Mode=debug' to the end of the request.

ColdFusion 4.5 and 5.0 are definitely affected, and older versions probably are as well.

The debug information usually contains sensitive data such as the template path or the server version.

Solution

Enter an IP address (e.g. 127.0.0.1) in the Debug Settings within the ColdFusion Admin.
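
To check whether debug output is being requested from outside the configured address, web server access logs can be searched for the 'Mode=debug' parameter. The following is an added example, not part of the plugin or of ColdFusion: it assumes common/combined log format, case-insensitive matching of the parameter, and constructed sample log lines; the function names and the allowed-IP list are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def has_debug_param(target):
    """Return True if the request target carries a Mode=debug query parameter."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names and values, so %4Dode=debug is caught too.
    # Assumption: name and value are compared case-insensitively.
    return any(name.lower() == "mode" and value.lower() == "debug"
               for name, value in parse_qsl(query, keep_blank_values=True))

def find_debug_requests(lines, allowed_ips=("127.0.0.1",)):
    """Return debug-mode requests from clients not in the debug IP list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if m["ip"] in allowed_ips:
            continue  # address entered in the Debug Settings: expected use
        if has_debug_param(m["target"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "target": m["target"],
                         "status": int(m["status"]), "size": m["size"]})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:10:00:01 +0000] "GET /index.cfm?Mode=debug HTTP/1.1" 200 18342',
    '198.51.100.23 - - [10/Mar/2021:10:02:14 +0000] "GET /app/list.cfm?id=3&mode=DEBUG HTTP/1.1" 200 20110',
    '127.0.0.1 - - [10/Mar/2021:10:03:40 +0000] "GET /index.cfm?Mode=debug HTTP/1.1" 200 18342',
    '192.0.2.10 - - [10/Mar/2021:10:05:02 +0000] "GET /index.cfm?page=debug HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Mar/2021:10:05:09 +0000] "GET /help.cfm?Mode=debugger HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in find_debug_requests(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["target"]} -> {hit["status"]} ({hit["size"]} bytes)')
```

A hit with status 200 only shows that the parameter was requested; whether debug output was actually returned has to be confirmed against the server's Debug Settings.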

See Also

https://www.adobe.com/products/coldfusion-family.html

Plugin Details

Severity: Medium

ID: 10797

File Name: cf_debug.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 11/7/2001

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 7/1/2001