Description

ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.

Remediation

Disable RDS Service in the ColdFusion Administrator.

References

Remote Development Service

Related Vulnerabilities

Error page web server version disclosure

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1158)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.17)

Content Security Policy Misconfiguration

Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration