Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1469

CWE-200Information Exposure4 documents4 sources
Severity
5.0MEDIUM
EPSS
2.1%
top 15.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Macromedia Coldfusion
Timeline
PublishedDec 31
Latest updateApr 29

Description

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h93c-xg3w-5f5p: The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the2022-04-29
CVEList
CVE-2003-1469: The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the2007-10-24

💥Exploits & PoCs

1
Exploit-DB
Macromedia ColdFusion MX 6.0 - Error Message Full Path Disclosure2003-04-26
CVE-2003-1469 (MEDIUM CVSS 5) | The default configuration of ColdFu | cvebase.io