CVE-2006-6482

Severity

50%

Complexity

99%

Confidentiality

48%

Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.

Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2006-12-12 20:28:00

Last updated 6 years ago

2018-10-17 21:48:00

Affected Software

Adobe ColdFusion MX 7.0

7.0

References

23281

2021

1017361

Vendor Advisory

20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities

21532

ADV-2006-4949

coldfusion-extensions-path-disclosure(30839)

coldfusion-login-information-disclosure(30840)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.