Monday, 23 August 2010

Big ColdFusion Vulnerability

« Securing PHP From XSS Attacks | Main | Python Security Site »

Anyone running a ColdFusion server will want to know about this vulnerability. It allows an attacker to get access to any file on the server without authentication. There is a patch for versions 8 and 9 of the CF server.

Posted by jherrington at 3:26 PM in Vulnerabilities-Breaches

Responses (0)

[Trackback URL for this entry]

Your comment:

Author (*):

E-mail:

URL:

Comment (*):

Remember me?

SCode: (*)

Generate another code
SCode

Please enter the code as seen in the image above to post your comment.

Live Comment Preview:

« August »
Sun	Mon	Tue	Wed	Thu	Fri	Sat
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Recent Posts
- Back to All Posts
Meet the Bloggers
- Brian Chess
- Jacob West
- Joy Forsythe
- Yekaterina Tsipenyuk O’Neil
- Matias Madou
- Abraham Kang
- Sejal Kamani
- Sarah Cheng
- Sam Ng
- Jack Herrington
Categories
Fortify Resources

Software Security Resources

Products and Services
Recommended Blogs
- Justice League
- Schneier on Security
- SecurityFix
- CERIAS
- Security Curve
- 1 Raindrop
- Michael Howard's Weblog
- Computer Security
- A Passion for .NET Security
- Emergent Chaos
Subscribe

Feedburner (RSS)

Local (RSS)

Local (RSS v2.0)

Local (Atom)
About

Fortify Software
Recommended Books
- Secure Programming with Static Analysis
  by Brian Chess and Jacob West
- Security Metrics: Replacing Fear, Uncertainty, and Doubt
  by Andrew Janquith
- Building Secure Software: How to Avoid Security Problems the Right Way
  by John Viega and Gary McGraw
- IEEE Security & Privacy Magazine
- How to Break Software Security
  by J. Whittaker and H. Thompson
- Security Engineering
  by Ross Andersen
- Software Security: Building Security In
  by Gary McGraw
- The Security Development Lifecycle
  by Michael Howard and Steve Lipner
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes
  by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell
- Writing Secure Code, 2nd ed.
  by M. Howard and D. LeBlanc

Off by On

A Software Security Blog

Monday, 23 August 2010

Big ColdFusion Vulnerability

Your comment:

Live Comment Preview:

Recent Posts

Meet the Bloggers

Categories

Fortify Resources

Recommended Blogs

Subscribe

About

Recommended Books