ColdFusion Server Security Scanner
My company Foundeo Inc. released a new free web service today called HackMyCF that allows you to scan your ColdFusion server to detect the absence of recent ColdFusion security hotfixes as well as other security problems.
The site generates an email report detailing what security issues were found; here's an example:
I would love to hear your feedback!
I'm off to fix the 1 warning I was given. Something about a file upload vulnerability in Fckeditor. Is that a problem even if I don't use Fckeditor? (TinyMCE is my choice!)
Thanks for putting in the time and effort to make it publicly available.
http://blogs.technet.com/stefan_gossner/archive/2008/03/12/iis-7-how-to-send-a-custom-server-http-header.aspx
The comments also contain an interesting discussion of whether this is really necessary from a security standpoint, and some insinuations about why Microsoft didn't make this a simple change.
@steveeray would you mind emailing me your server domain so I can look into it? Is it possible that some files still existed in your CFIDE after the update?
@David great link, thanks!
Unfortunately I have some other servers I would like to check but I do not have an E-mail address at those domains since our work E-mails are all on a secondary domain that the site doesn't operate on. Is there a way I can check those?
Pete Freitag is a software engineer, and web developer located in











