GEN:SID 1:922
Message WEB-COLDFUSION displayfile access
Summary This even indicates an attempt to exploit undocumented CFML tags on a
Allaire ColdFusion Server
Impact Extensive server data retrieval including settings and passwords
Detailed Information Undocumented CFML tags allow reading and decryption of sensitive data
contained on servers running Allaire ColdFusion Server 2.0 - 4.0.1. This
data can be accesses by constructing a hosted application that accesses
these undocumented tags with the possibility of changing values on the
server and reading admin and studio passwords
Affected Systems Allaire ColdFusion Server 2.0 - 4.0.1
Attack Scenarios A user with permission to create pages on the server installs an
application that accesses the undocumented CFML tags, accessing this
application would allow viewing and possible modifications of these
settings
Ease of Attack Medium, Attackers need the ability to add files to the server. No "In
the Wild" exploits were available at type of writing
Corrective Action Patches are available from Allaire, install them.
Additional References  
Rule References bugtraq: 550