This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
A web-based application running on the remote Windows host is affected
by multiple vulnerabilities.
The remote Windows host is running a version of ColdFusion that allows
an unauthenticated, remote attacker to execute unauthorized methods.
ColdFusion component methods that use the 'public' modifier can be
invoked remotely using WebSockets. Only methods that use the 'remote'
modifier should be capable of being invoked in this manner. An
unauthenticated, remote attacker can exploit this to execute arbitrary
See also :
Upgrade to ColdFusion 10 Update 11 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false