Description

This ColdFusion web application is running with Request Debugging turned on. The Request Debugging feature displays detailed information about version of ColdFusion, server variables, etc.

Remediation

Disable Request Debugging feature or allow access to it only for certain IP addresses in the ColdFusion Administrator.

References

Configuring debugging in the ColdFusion Administrator

Related Vulnerabilities

Jenkins open people list

SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-8580)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4999)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure