Family: CGI abuses --> Category: infos
ColdFusion Path Disclosure Vulnerability Scan
Vulnerability Scan Summary
Checks for a ColdFusion vulnerability
Detailed Explanation for this Vulnerability Test
It is possible to make the remote web server
disclose the physical path to its web root by
requesting a MS-DOS device ending in .dbm (as
The vendor suggests turning on 'Check that file exists' :
1. Open the Management console
2. Click on 'Internet Information Services'
3. Right-click on the website and select 'Properties'
4. Select 'Home Directory'
5. Click on 'Configuration'
6. Select '.cfm'
7. Click on 'Edit'
8. Make sure 'Check that file exists' is checked
9. Do the same for '.dbm'
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.