Description

ColdFusion RDS Service is enabled and publicly available to any IP address. The service is intended for development use only and must be protected with a strong password.

Remediation

Disable RDS Service in the ColdFusion Administrator.

References

Remote Development Service

Related Vulnerabilities

Yoast SEO Information Disclosure (3.2.4)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)

Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N

Tags

Configuration