Java 1.6.0_24 Released Patches DOS Vulnerability

As mentioned last week, a pretty serious Denial of Service vulnerability in the Java Virtual Machine was disclosed. It is important that you look into resolving this issue if you run any Java-based server-side applications (including ColdFusion).

Yesterday Oracle released Java 1.6.

Important Java Security Patch Released

Oracle has just released a patch for a critical denial of service vulnerability (CVE-2010-4476) in the Java Runtime.

I have confirmed that this is easily exploited on a ColdFusion server running an unpatched JVM. It's very very probable that you have code that could be exploited.

HackMyCF Scanner Updated

Yesterday I added some additional functionality to the HackMyCF ColdFusion Server Security Scanner:

Now checks for an exposed WEB-INF directory: the content of the WEB-INF folder should never be served to the public. If the folder sits under the web root, the web server must be configured to block requests to it.

