House of Fusion
Home / Groups / ColdFusion Talk (CF-Talk)

New ColdFusion 8 vulnerability

Author:
Dave Watts
07/03/2009 01:09 PM

Yes, I'm pretty certain that's how it works. You may want to test the actual CF URLs even if you've moved CFIDE, as CF has a defined URL pattern match in its configuration to ensure that some URLs work in any case.

Dave Watts, CTO, Fig Leaf Software

Dave Watts wrote:
> You may want to check for this on any clients/projects you've worked with:
> http://isc.sans.org/diary.html?storyid=6715

How does this exploit actually work? I presume it is somebody directly accessing the exposed, vulnerable, exploitable files via www.yourSite.org/cfide/scripts/something? Is that correct? If so, we may have been lucky enough that our cfide folder is not publicly available at the moment, but I would like to know more as I present this up the chain to get remediation steps done on our production servers.

