Skip to main content

CVE-2002-0576

Severity Medium
Score 5/10

Summary

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published