cf-expeval
----------

CVE Number: 
CAN-1999-0455, CAN-1999-0477

Details:
Cold Fusion sample scripts were found on the system. These files can be 
exploited to reveal information about the server and remote file reading. Some 
of these files can lead to remote system compromise.

Files included one or more of the following:

    /cfdocs/expeval/exprcalc.cfm,
    /cfdocs/expeval/eval.cfm,
    /cfdocs/expeval/openfile.cfm,
    /cfdocs/expeval/displayopenedfile.cfm

Fix:
It is highly recommended that all sample files be removed from the system,
especially on production servers. Always use the latest version of Cold Fusion
along with the latest security patches.

Related URLs:
http://www.allaire.com/security
http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
http://www.l0pht.com/advisories/cfusion.txt
http://www.wiretrip.net/rfp/p/doc.asp?id=8&iface=2

$Id: cf-expeval,v 1.1 2000/11/06 15:34:09 loveless Exp $
