CVE-2002-0576

medium

Description

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

References

http://www.securityfocus.com/bid/4542

http://www.osvdb.org/3337

http://www.macromedia.com/v1/handlers/index.cfm?ID=22906

http://www.iss.net/security_center/static/8866.php

http://online.securityfocus.com/archive/1/268263

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html

Details

Source: Mitre, NVD

Published: 2002-06-18

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

Detections

Analytics