Description
ColdFusion Administrator Login Page is publicly available to any IP address. A good security practice is to limit access to this page to localhost or a list of fixed IP addresses.
Remediation
Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
References
Related Vulnerabilities
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3543)
Jetty ConcatServlet Information Disclosure (CVE-2021-28169)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7831)