RE: http://www.adobe.com/support/security/advisories/apsa13-03.html
Open letter to Adobe…
Adobe,
Please assign someone to trend all the ColdFusion vulnerabilities for the last five years. I am certain you'll find that a vast majority of them revolve around the CFIDE directory. Idea: instead of endlessly patching the CFIDE modules every time a vulnerability is found or exploited, eliminate the CFIDE directory. If you were to do that, ColdFusion would probably be one of the more secure web platforms on the market. Just a thought.
For users of ColdFusion, my advice is to remove the CFIDE virtual directory from all your public-facing sites. If your site requires the CFIDE/scripts directory, point the CFIDE virtual directory to an empty directory and then create a "scripts" virtual directory under it and point it to the original /CFIDE/scripts location. Poof -- probably 80% or more of the CF vulnerabilities avoided.
ColdFusion is a great platform and can be very secure -- minus the CFIDE.
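One way to check a server against the layout described above, as an added example that is not part of the original letter: it assumes the sites run on IIS, reads virtual directory mappings in the shape of applicationHost.config, and reports every site whose /CFIDE mapping still publishes more than the scripts folder. The site names and physical paths in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample in the shape of IIS applicationHost.config; the site
# names and physical paths are made up for illustration.
SAMPLE_CONFIG = r"""
<configuration><system.applicationHost><sites>
  <site name="public-a" id="1"><application path="/">
    <virtualDirectory path="/" physicalPath="D:\sites\a" />
    <virtualDirectory path="/CFIDE" physicalPath="C:\ColdFusion\wwwroot\CFIDE" />
  </application></site>
  <site name="public-b" id="2"><application path="/">
    <virtualDirectory path="/" physicalPath="D:\sites\b" />
    <virtualDirectory path="/CFIDE" physicalPath="D:\sites\empty" />
    <virtualDirectory path="/CFIDE/scripts" physicalPath="C:\ColdFusion\wwwroot\CFIDE\scripts" />
  </application></site>
</sites></system.applicationHost></configuration>
"""

def exposes_more_than_scripts(physical_path):
    """True if the target lies inside a CFIDE tree but not inside CFIDE/scripts."""
    parts = [p.lower() for p in PureWindowsPath(physical_path).parts]
    if "cfide" not in parts:
        return False  # e.g. the empty placeholder directory
    after = parts[parts.index("cfide") + 1:]
    return after[:1] != ["scripts"]

def audit_cfide(config_xml):
    """Return (site, url_path, physical_path) for each risky /CFIDE mapping."""
    findings = []
    root = ET.fromstring(config_xml)
    for site in root.iter("site"):
        for vdir in site.iter("virtualDirectory"):
            url_path = vdir.get("path", "")
            if not url_path.lower().startswith("/cfide"):
                continue
            target = vdir.get("physicalPath", "")
            if exposes_more_than_scripts(target):
                findings.append((site.get("name"), url_path, target))
    return findings

if __name__ == "__main__":
    for name, url_path, target in audit_cfide(SAMPLE_CONFIG):
        print(f"{name}: {url_path} -> {target} publishes the full CFIDE tree")
```

The check only reads virtual directory mappings: it does not confirm that the placeholder directory is actually empty, and it will not notice a CFIDE folder physically copied under a site root.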