ColdFusion sample program can be used to confirm existence of arbitrary file

Risk Level: Low

Check or Attack Name: ColdFusionFileExists

Platforms: Cold Fusion

Description:

The ColdFusion package ships with a number of sample applications, one of which, "fileexists.cfm", can be used to remotely confirm the existence of arbitrary files on the server. This information could be used by an attacker to pinpoint further attacks.

Remedy:

Upgrade to ColdFusion 4.0.1 once it becomes available. It is recommended that users remove the "fileexists.cfm" program from all production servers.
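The description above warns that the "fileexists.cfm" sample can be used to probe a server, and the remedy is to remove it from production hosts. The following script, added here as an example and not code from Allaire or X-Force, does two defensive things: it walks a web root and reports (or deletes) any copy of the sample file, and it scans web-server access-log lines for requests to that file so that probing can be spotted. The web root layout, the example directory name and the log lines are all constructed for illustration; the only file name taken from the advisory is "fileexists.cfm".

```python
"""Defensive checks for the ColdFusion "fileexists.cfm" sample application.

Added example, not Allaire/X-Force code. Assumptions are marked below.
  1. audit_webroot()/remove_sample_files(): find and remove the sample file
     anywhere under a web root, as the advisory's remedy recommends.
  2. find_probe_requests(): flag access-log lines that request the sample
     file, which indicates someone testing whether it is present.
"""
import os
import re
import tempfile
from typing import Iterable, List

# Only file name taken from the advisory. Matched case-insensitively because
# a Windows web server serves FileExists.cfm and fileexists.cfm alike.
SAMPLE_FILES = {"fileexists.cfm"}


def audit_webroot(webroot: str) -> List[str]:
    """Return sorted paths of any sample files found under webroot."""
    found = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() in SAMPLE_FILES:
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def remove_sample_files(webroot: str) -> List[str]:
    """Delete every sample file audit_webroot() reports; return what was removed."""
    removed = []
    for path in audit_webroot(webroot):
        os.remove(path)
        removed.append(path)
    return removed


# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
_CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def find_probe_requests(lines: Iterable[str]) -> List[dict]:
    """Return one record per log line whose request path is a sample file."""
    hits = []
    for line in lines:
        m = _CLF.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if os.path.basename(path).lower() in SAMPLE_FILES:
            hits.append({
                "host": m.group("host"),
                "path": m.group("path"),
                "status": int(m.group("status")),
            })
    return hits


# Constructed sample log lines (hosts, times and paths are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/1999:10:00:00 +0000] "GET /index.cfm HTTP/1.0" 200 1234',
    '10.0.0.9 - - [01/Jan/1999:10:00:02 +0000] "GET /examples/FileExists.cfm HTTP/1.0" 200 512',
    'garbage line that is not in Common Log Format',
]


def make_demo_webroot() -> str:
    """Build a throwaway web root (constructed layout) containing the sample file."""
    root = tempfile.mkdtemp(prefix="cfroot_")
    os.makedirs(os.path.join(root, "examples"))
    with open(os.path.join(root, "index.cfm"), "w") as fh:
        fh.write("<cfoutput>hello</cfoutput>\n")
    with open(os.path.join(root, "examples", "FileExists.cfm"), "w") as fh:
        fh.write("<!-- stand-in for the Allaire sample; contents not reproduced -->\n")
    return root


if __name__ == "__main__":
    root = make_demo_webroot()
    print("sample files present:", audit_webroot(root))
    print("removed:", remove_sample_files(root))
    print("after removal:", audit_webroot(root))
    print("probe requests in log:", find_probe_requests(SAMPLE_LOG))
```

Run the audit against the real web root of each production server and treat any match as a file to remove; feed the log scanner the access logs of the same servers to see whether the sample has already been requested, which is worth noting in the incident record even after the file is gone.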

References:

Allaire Security Bulletin ASB99-02, ColdFusion 4.0 Example Applications and Sample Code Exposes Servers, http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
