GEN:SID 1:906
Message WEB-COLDFUSION getfile.cfm access
Summary This event is generated when an attempt is made to access an Example
application on a Coldfusion 4.x server.
Impact Serious. The vulnerability is not limited to files in the webspace, so
system files or additional unexecuted code files could be retrieved and
examined for vulnerabilities.
Detailed Information ColdFusion (Macromedia, formerly Allaire) web servers have several
default Example applications installed that have vulnerabilities.  The
email application can be exploited to allow remote viewing of arbitrary
files.

Affected Systems ColdFusion versions 2.x, 3.x, 4.x for Windows
    ColdFusion versions 4.x for Solaris, HP-UX
    ColdFusion versions 4.5.x for Linux
Attack Scenarios The example application file cfdocs/exampleapp/email/getfile.cfm can
accept URL-mangled requests like:

http://www.server.com/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini

This allows trivial remote retrieval of any file on the server.
Ease of Attack Simple.
Corrective Action Delete all example code.  This is one of several significant
vulnerabilities that are exploitable if the example code is left on a
production server.
Additional References CAN-2001-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0535

Macromedia Security Bulletin (MPSB01-08)
http://www.macromedia.com/devnet/security/security_zone/mpsb01-08.html
Rule References bugtraq: 229
cve: 1999-0800