Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

ColdFusion Path Disclosure Vulnerability Scan

Vulnerability Scan Summary
Checks for a ColdFusion vulnerability

Detailed Explanation for this Vulnerability Test

It is possible to make the remote web server
disclose the physical path to its web root by
requesting a MS-DOS device ending in .dbm (as
in nul.dbm).

Solution :
The vendor suggests turning on 'Check that file exists' :

Windows 2000:
1. Open the Management console
2. Click on 'Internet Information Services'
3. Right-click on the website and select 'Properties'
4. Select 'Home Directory'
5. Click on 'Configuration'
6. Select '.cfm'
7. Click on 'Edit'
8. Make sure 'Check that file exists' is checked
9. Do the same for '.dbm'

Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.