tracker issue : CF-3533394

Title:

CFIDE available even with no virtual directory


Status/Resolution/Reason: Closed/Withdrawn/NotABug

Reporter/Name(from Bugbase): Wes Hanney / Wes Hanney (ModernWes)

Created: 04/01/2013

Components: Administrator

Versions: 10.0

Failure Type:

Found In Build/Fixed In Build: Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

Problem Description:

The CFIDE is available externally on all websites running ColdFusion 10 even if the virtual directory is removed.

Steps to Reproduce:

1) Install and configure ColdFusion 10 as normal for IIS.

2) Remove the /CFIDE virtual directory from all websites 

3) Go to the website as follows: http://website/cfide/administrator/index.cfm

Actual Result:

See attached screenshot (URL removed from address bar). You'll notice that all the pictures are broken, but the administrator is fully functional if you log in with the proper hashed credentials (or have authentication disabled).

Expected Result:

We should be getting a 404 error from IIS or ColdFusion.

Any Workarounds:

The solution is to stop ColdFusion and delete the CFIDE directory from (or move it out of) the wwwroot folder located in the ColdFusion instance directory.

Ex: C:\coldfusion10\cfusion\wwwroot\CFIDE

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3533394

External Customer Info:
External Company:  
External Customer Name: ModernWes
External Customer Email:  
External Test Config: My Hardware and Environment details:

Tested on a live production server Windows 2008 Server R2 with IIS 7.5 and ColdFusion 10 running on VMware.

Tested on a test server running Windows 2008 Server with IIS 7.5 and ColdFusion 10 (not virtualized)

Attachments:

  1. April 02, 2013 00:00:00: 1_ColdFusion_Administrator_Login_-_Google_Chrome.jpg

Comments:

according to CF10 lockdown guide, pls add request filtering to block access to /CFIDE http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
Comment by External U.
15852 | April 01, 2013 02:47:42 PM GMT
Even though there is no virtual directory created for CFIDE, since it is under the ColdFusion webroot, the cfm files under CFIDE will of course be served. That is an expected behavior.
Comment by Rupesh K.
15853 | September 20, 2013 06:05:57 AM GMT
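The first comment points to the CF10 lockdown guide's advice to block /CFIDE with IIS request filtering, and the second explains why removing the virtual directory alone is not enough: the connector still serves anything under the ColdFusion webroot. The script below is an added example, not part of the tracker record and not Adobe's own lockdown script. It adds a server-wide deny URL sequence for /CFIDE through the WebAdministration module and then checks that the administrator path now returns 404. It assumes Windows PowerShell 5.1 on an IIS host with the WebAdministration module installed; the `http://localhost` base URL is a placeholder for the site to check.

```powershell
# Added example (not from the tracker page or Adobe): deny any URL containing
# the /CFIDE segment via IIS request filtering, applied in applicationHost.config
# so every site on the server inherits it, then verify the path is blocked.
# Assumptions: Windows PowerShell 5.1, IIS with the WebAdministration module,
# and a placeholder base URL of http://localhost.
Import-Module WebAdministration

$Filter = 'system.webServer/security/requestFiltering/denyUrlSequences'
$Scope  = 'MACHINE/WEBROOT/APPHOST'   # server level: inherited by all sites

function Add-CfideDenyRule {
    # Idempotent: only add the deny sequence if it is not already present.
    $existing = Get-WebConfigurationProperty -PSPath $Scope -Filter $Filter -Name 'Collection' |
        Where-Object { $_.sequence -eq '/CFIDE' }
    if (-not $existing) {
        Add-WebConfigurationProperty -PSPath $Scope -Filter $Filter -Name '.' -Value @{ sequence = '/CFIDE' }
        return $true      # rule was added
    }
    return $false         # rule already existed
}

function Test-CfideBlocked {
    param([string]$BaseUrl = 'http://localhost')   # placeholder host
    # A matched deny sequence is answered by IIS with HTTP 404 before the
    # request reaches the ColdFusion connector, which is the expected result
    # the reporter asked for.
    try {
        Invoke-WebRequest -Uri "$BaseUrl/CFIDE/administrator/index.cfm" -UseBasicParsing | Out-Null
        return $false     # 200 means the administrator is still reachable
    } catch [System.Net.WebException] {
        if ($null -eq $_.Exception.Response) { throw }   # connection failure, not an HTTP status
        $status = [int]$_.Exception.Response.StatusCode
        return ($status -eq 404)
    }
}

Add-CfideDenyRule | Out-Null
if (Test-CfideBlocked) {
    'CFIDE is blocked by request filtering'
} else {
    'CFIDE is still reachable: check the rule and the connector configuration'
}
```

The deny sequence matches the segment case-insensitively, so `/cfide/` and `/CFIDE/` are both refused, which is why this is preferable to deleting only the IIS virtual directory. Keep the CFIDE directory in place on the ColdFusion webroot only if the administrator must remain reachable from a separate, internal site; otherwise the reporter's workaround of removing or relocating it still applies.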