ColdFusion contains a flaw that allows a remote attacker to gain sensitive information such as usernames and passwords. The flaw is due to poor sanity checking on arguments supplied to the viewexample.cfm script. This could allow the attacker to view the source code of any file.
Users of ColdFusion 4.0 should upgrade or patch to version 4.0.1 or higher, which has been reported to fix this vulnerability. Users of ColdFusion 2.x or 3.x should remove all sample applications, as the 4.0.1 patch does not apply to those installations.
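To check whether the sample script is still reachable and who has requested it, web server access logs can be reviewed for viewexample.cfm. The following is an added example, not part of the original advisory or any vendor tooling; it assumes logs in Common Log Format, and the `/samples/` path, the `arg` parameter and the log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Script name taken from the advisory; matching is on the file name only.
SCRIPT = "viewexample.cfm"

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def find_viewexample_requests(lines):
    """Return one dict per request whose decoded path ends in the script name."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        parts = urlsplit(m["target"])
        # Decode percent-escapes, normalise backslashes and fold case so that
        # encoded or mixed-case requests for the script are not missed.
        path = unquote(parts.path).replace("\\", "/").lower()
        if path.rsplit("/", 1)[-1] != SCRIPT:
            continue
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "status": int(m["status"]),
            "has_args": bool(parts.query),
            # A 200 response means the sample script is still installed.
            "script_present": m["status"] == "200",
        })
    return hits

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.cfm HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2000:10:00:05 +0000] "GET /samples/viewexample.cfm?arg=PLACEHOLDER HTTP/1.0" 200 9000',
    '192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /samples/ViewExample%2Ecfm?arg=PLACEHOLDER HTTP/1.0" 200 9100',
    '198.51.100.7 - - [01/Jan/2000:10:02:00 +0000] "GET /samples/viewexample.cfm HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for hit in find_viewexample_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with `script_present` set to true indicates the sample applications have not yet been removed from that server.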