Description

This ColdFusion web application is running with Request Debugging turned on. The Request Debugging feature displays detailed information about version of ColdFusion, server variables, etc.

Remediation

Disable Request Debugging feature or allow access to it only for certain IP addresses in the ColdFusion Administrator.

References

Configuring debugging in the ColdFusion Administrator

Related Vulnerabilities

[Possible] Internal IP Address Disclosure

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.33)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.36)

Unrestricted access to Odoo DB manager

WordPress Plugin UnGallery Local File Disclosure (1.5.8)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure