Description
The ColdFusion Administrator login page is publicly accessible from any IP address. Good security practice is to limit access to this page to localhost or a list of fixed IP addresses.
Remediation
Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
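One way to apply this restriction, shown as an added example that is not part of the original advisory. It assumes Apache httpd 2.4 sits in front of ColdFusion and that the Administrator is served from its default `/CFIDE/administrator` path; `203.0.113.10` is a constructed placeholder for a fixed management address.

```apache
# Added example (assumed setup: Apache httpd 2.4 in front of ColdFusion).
# 203.0.113.10 is a constructed placeholder; replace it with your own
# fixed management address(es).

# Weak: no access control, so the login page answers any client.
# <Location "/CFIDE/administrator">
#     Require all granted
# </Location>

# Restricted: only localhost and the listed fixed address may reach the
# Administrator. The match is case-insensitive so that variants such as
# /cfide/administrator are covered as well.
<LocationMatch "(?i)^/CFIDE/administrator">
    <RequireAny>
        Require local
        Require ip 203.0.113.10
    </RequireAny>
</LocationMatch>
```

Clients outside the list receive a 403 response instead of the login page. If a proxy or load balancer sits in front of Apache, `Require ip` evaluates the proxy's address unless the real client address is restored (for example with mod_remoteip).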