Short Name |
HTTP:COLDFUSION:CFM-FILE |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Coldfusion Cfm File Path Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects access to the ColdFusion application.cfm and onrequestend.cfm script. Attackers can reveal the physical path of the Web server.
Making an http request directly to an existing APPLICATION.CFM or ONREQUESTEND.CFM file will return an error message containing the full physical path to the file.