ColdFusion administrator login page publicly available

Description

ColdFusion Administrator Login Page is publicly available to any IP address. A good security practice is to limit access to this page to localhost or a list of fixed IP addresses.

Remediation

Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.

References

- Is your ColdFusion Administrator Actually Public

Severity

Classification

CWE-16

Tags

Configuration Insecure Admin Access

Related Vulnerabilities