If I understood the problem correctly then you have directory browsing enable at webserver. First please disable it and then check it.
thanks for the reply.
I tried the following -
going to C:\ColdFusion10\cfusion\runtime\conf web.xml and changing the value of listings parameter -
<!-- secure profile disable start -->
<!-- secure profile disable end -->
<!-- secure profile enable start
secure profile enable end -->
I changed the listing from true to false, but no luck so far.
i disabled directory browsing on iis , that did the trick . Thanks a lot for your help !!!! If i see any issue , i will post again.
Glad that did the trick, could you please mark the answer correct.
did it, thanks again!
Your security team must not know an arse from an elbow if they did not know how to turn off directory browsing.
I'd seriously consider a full security audit of your OS, web server, CF server and code.
Also has been "ColdFusion" - one word - for close to two decades now...