ColdFusion sample can reveal source to any CFM file

Risk Level: Medium

Check or Attack Name: ColdFusionSource

Platforms: Cold Fusion

Description:

ColdFusion 4.0 ships with many sample applications and scripts, which are installed by default. A vulnerability exists in the "viewexample.cfm" program, which allows a remote user to view the source of any CFM file on the server. This could allow an attacker to gain proprietary information contained in the source code, such as usernames and passwords.

Remedy:

Upgrade to ColdFusion 4.0.1 once it becomes available. It is recommended that users remove ALL samples, including "viewexample.cfm," from production web servers.
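As an added example (not from the advisory or from Allaire), the following detection pass parses web-server access logs in Common Log Format and flags every request for viewexample.cfm, so an administrator can confirm the samples are gone from a production server (any hit after removal should be a 404) and see who was requesting them beforehand. The log lines, the directory path and the query string are constructed placeholders; the advisory does not document where the sample lives or what parameters it takes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

SAMPLE_FILE = "viewexample.cfm"  # the sample script named in the advisory


@dataclass
class Hit:
    host: str
    time: str
    path: str
    query: str
    status: int


def parse_clf(line: str) -> Optional[dict]:
    """Return the fields of one CLF line, or None if it does not parse."""
    m = CLF_RE.match(line.strip())
    return m.groupdict() if m else None


def find_sample_hits(lines: List[str]) -> List[Hit]:
    """Flag every request whose path targets viewexample.cfm (case-insensitive,
    any directory). Malformed lines are skipped rather than aborting the scan."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        if parts.path.lower().endswith("/" + SAMPLE_FILE):
            hits.append(Hit(rec["host"], rec["time"], parts.path,
                            parts.query, int(rec["status"])))
    return hits


# Constructed log lines for illustration; directory and query are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/1999:12:00:01 -0500] "GET /index.cfm HTTP/1.0" 200 1432',
    '10.0.0.9 - - [10/Mar/1999:12:00:07 -0500] "GET /samples/viewexample.cfm?example=1 HTTP/1.0" 200 2210',
    '10.0.0.9 - - [10/Mar/1999:12:00:09 -0500] "GET /Samples/ViewExample.cfm HTTP/1.0" 404 210',
    'not a log line',
]

if __name__ == "__main__":
    for h in find_sample_hits(SAMPLE_LOG):
        print(f"{h.time} {h.host} {h.status} {h.path} query={h.query!r}")
```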

References:

Allaire Security Bulletin ASB99-02, ColdFusion 4.0 Example Applications and Sample Code Exposes Servers, http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

