ColdFusion Robust Exception enabled - Vulnerability Database

ColdFusion Robust Exception enabled

Description

The ColdFusion application server has the Robust Exception Information feature enabled in a production environment. When enabled, this debugging feature exposes detailed error messages to end users, including full stack traces, file system paths, database query details, variable values, and internal application logic. This configuration is intended only for development environments and should never be active in production systems.

Remediation

Disable the Robust Exception Information feature immediately by following these steps:

1. Log in to the ColdFusion Administrator interface
2. Navigate to 'Debugging & Logging' > 'Debug Output Settings'
3. Uncheck the 'Enable Robust Exception Information' option
4. Click 'Submit Changes' to save the configuration
5. Restart the ColdFusion service to ensure changes take effect

Additionally, implement custom error handling in your application using the <cferror> tag or Application.cfc/Application.cfm error handlers to display user-friendly error messages without exposing technical details. Ensure detailed error logging is directed to secure server-side log files accessible only to authorized administrators.
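The following Application.cfc is an added example, not code from the Invicti database entry or from Adobe: it shows the onError handler approach described above, writing the full exception detail (message, detail and the tag context with file paths and line numbers) to a server-side log while returning only a generic page and a correlation id to the user. The application name, the log file name and the wording of the generic page are assumptions.

```cfml
// Application.cfc (added example, not from the original page)
component {
    this.name = "ExampleApp";   // hypothetical application name

    // ColdFusion calls onError for any unhandled exception raised in the application.
    public void function onError(required any exception, string eventName = "") {
        // Correlation id so support staff can match the generic page to the log entry.
        local.incidentId = createUUID();

        // Assemble the technical detail for the server-side log only.
        local.detail = "incident=" & local.incidentId
            & " event=" & arguments.eventName
            & " message=" & arguments.exception.message
            & " detail=" & (structKeyExists(arguments.exception, "detail") ? arguments.exception.detail : "");

        // tagContext carries the template paths and line numbers that the robust
        // exception page would otherwise show to the browser; keep them in the log.
        if (structKeyExists(arguments.exception, "tagContext")) {
            for (local.frame in arguments.exception.tagContext) {
                local.detail &= " at " & local.frame.template & ":" & local.frame.line;
            }
        }
        // Writes to the assumed custom log file <cf_root>/logs/application.log
        writeLog(file = "application", type = "error", text = local.detail);

        // The user sees a generic message plus the id, never the stack trace or paths.
        getPageContext().getResponse().setStatus(500);
        writeOutput("<h1>Something went wrong</h1>"
            & "<p>Please contact support and quote incident "
            & encodeForHTML(local.incidentId) & ".</p>");
    }
}
```

The same result can be obtained for tag-based applications with `<cferror type="exception" template="error.cfm">` in Application.cfm, where error.cfm reads the `error` scope and follows the same rule of logging detail and displaying nothing technical. Either handler complements the Administrator setting rather than replacing it: errors that occur before the handler is registered or inside the handler itself still fall through to ColdFusion's default error page, so the Robust Exception Information option must also be disabled.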
