cf-extras
---------

CVE Number: 
None

Details:
Cold Fusion sample scripts were found on the system. These files can be 
exploited to reveal information about the server, to Denial of Service, to
remote file reading. Some of these files can lead to remote system
compromise.

Files included one or more of the following:

    /cfdocs/exampleapp/email/getfile.cfm
    /cfdocs/exampleapp/publish/admin/addcontent.cfm
    /cfdocs/examples/cvbeans/beaninfo.cfm,
    /cfide/Administrator/startstop.html,
    /cfdocs/examples/parks/detail.cfm,
    /cfappman/index.cfm

Fix:
It is highly recommended that all sample files be removed from the system,
especially on production servers. Always use the latest version of Cold Fusion
along with the latest security patches.

Related URLs:
http://www.allaire.com/security
http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
http://www.l0pht.com/advisories/cfusion.txt
http://www.wiretrip.net/rfp/p/doc.asp?id=8&iface=2

$Id: cf-extras,v 1.1 2000/11/06 15:34:09 loveless Exp $
