Test ID: | 1.3.6.1.4.1.25623.1.0.11393 |
Category: | CGI abuses |
Title: | ColdFusion Path Disclosure |
Summary: | NOSUMMARY |
Description: | It is possible to make the remote web server disclose the physical path to its web root by requesting an MS-DOS device ending in .dbm (as in nul.dbm).

Solution: The vendor suggests turning on 'Check that file exists'.

Windows 2000:
1. Open the Management console
2. Click on 'Internet Information Services'
3. Right-click on the website and select 'Properties'
4. Select 'Home Directory'
5. Click on 'Configuration'
6. Select '.cfm'
7. Click on 'Edit'
8. Make sure 'Check that file exists' is checked
9. Do the same for '.dbm'

Risk factor: Low |
Cross-Ref: |
BugTraq ID: 4542
Common Vulnerability Exposure (CVE) ID: CVE-2002-0576
http://www.securityfocus.com/bid/4542
Bugtraq: 20020418 KPMG-2002013: Coldfusion Path Disclosure
http://online.securityfocus.com/archive/1/268263
http://www.osvdb.org/3337
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
http://www.iss.net/security_center/static/8866.php |
Copyright | This script is Copyright (C) 2003 Renaud Deraison |