• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Macromedia ColdFusion MX Windows User File Authorization Vulnerability

Solution:
The following steps can be used to resolve this issue:

In the IIS configuration for the ColdFusion MX website, choose Properties->Home Directory->Configuration.

Click on the .cfm file extension and click Edit.

Ensure that the Check Files Exist checkbox is checked.

Repeat the above step for any other file extensions ColdFusion may use, including .cfml, .dbm, .jsp, .jsw.

Create the following .cfm files (assuming default IIS web directories):
InetPub\wwwroot\CFIDE\GraphData.cfm
InetPub\wwwroot\CFIDE\main\ide.cfm
These files may be created as zero byte files.

If a Missing Template Handler was specified in ColdFusionMX Administrator, choose Properties->Custom Errors->HTTP Error 404->Edit Properties.

Choose URL for the Message Type and enter the path to the COldFusion MX Missing Template Handler.