This host is running Adobe ColdFusion and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to disclose the contents of arbitrary files on the system and execute arbitrary code. Impact Level: System/Application
Apply the patch from below link, http://www.adobe.com/support/security/bulletins/apsb13-03.html
Multiple flaws are due to, - The CFIDE/componentutils/cfcexplorer.cfc script not properly sanitizing user input, specifically directory traversal attacks supplied via the 'path' parameter when 'method' is set to: 'getcfcinhtml' and 'name' is set to 'CFIDE.adminapi.administrator'. - The 'ScheduledURL' variable allows specifying an arbitrary resource to save to system as specified by the 'publish_file' variable and then schedule this task to be executed at a set time.
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10
Get the installed version of Adobe ColdFusion with the help of detect NVT and check the version is vulnerable or not.
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Continuum Cross Site Scripting Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities