This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
A web-based application running on the remote host is affected by an
information disclosure vulnerability.
The version of Adobe ColdFusion running on the remote Windows host is
missing a security hotfix. It is, therefore, affected by an XML
External Entity (XXE) injection vulnerability due to an incorrectly
configured XML parser accepting XML external entities from an
untrusted source. An unauthenticated, remote attacker can exploit
this, via specially crafted XML data, to disclose sensitive
See also :
Apply the relevant hotfix as referenced in Adobe Security Bulletin
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true