Heartbleed Vulnerability Detected - The Heartbleed vulnerability is a bug in OpenSSL (the crypto library used by Apache, nginx, and others) that can allow the leakage of private keys used for TLS/SSL encryption.

Executable found in CFIDE - Found executable file(s) in /CFIDE with one of the following file extensions: dll, exe, bat, sh.

XSS Injection in cfform.js - A document.write call was found in your /CFIDE/scripts/cfform.js file. An attacker may be injecting JavaScript; please check your cfform.js file.

Railo Security Issue 2635 - Input of Chr(0) to the ReplaceList function can cause an infinite loop / crash.

Hotfix APSB11-14 Not Installed - Apply the hotfixes located in Adobe Security Notice apsb11-14.

Look for /CFIDE/m /CFIDE/m32 /CFIDE/m64 and /CFIDE/updates.cfm among others.

Bitcoin Miner Discovered - Found files in /CFIDE that match the signature of a bitcoin miner exploit.

The only URI that should be served is /jakarta/isapi_redirect.dll - you can use Request Filtering to block.

Jakarta Virtual Directory Exposed - The /jakarta virtual directory (which is required by CF10+ on Tomcat/IIS) is serving files such as isapi_redirect.properties or isapi_redirect.log.

Sign up for our Automated ColdFusion Security Scanning Service to stay up to date.