Description

ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.

Remediation

Disable RDS Service in the ColdFusion Administrator.

References

Remote Development Service

Related Vulnerabilities

Python Debugger Unauthorized Access Vulnerability

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

[Possible] Internal Path Disclosure (Windows)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration