HackMyCF.com Now Detects BlazeDS Vulnerability
I've just finished updating the HackMyCF.com ColdFusion security scanner to detect the BlaseDS Vulnerability APSB10-05 announced in February 2010. As you hopefully know, this vulnerability also effects ColdFusion 7-9, because it has BlaseDS installed by default. So make sure and patch your servers, this vulnerability allows an attacker to read any file on your server that ColdFusion has permission to read, which can make it very easy for an attacker to break in in many cases.
Head over to HackmyCF.com and see if we are detecting the vulnerability on your server (note that even if we are not detecting it, you should still make sure you have applied this important patch).
Big thanks to Joshua Cyr for providing me with some helpful information about this vulnerability.
Tweet
add to del.icio.us
| Tags: coldfusion, security, blaseds, flash, flash remoting, hackmycf
Related Entries
- HackMyCF Updated for APSB11-29 Security Hotfix - December 15, 2011
- Determining Which Cumulative Hotfixes are Installed on ColdFusion - September 20, 2011
- HashDOS and ColdFusion - December 31, 2011
- Adobe eSeminar on FuseGuard - October 26, 2011
- Adding Two Factor Authentication to ColdFusion Administrator - September 19, 2011
Trackbacks
Comments
Post a Comment
Recent Entries
- Nginx redirect www to non www domain
- HashDOS and ColdFusion
- HackMyCF Updated for APSB11-29 Security Hotfix
- Adobe eSeminar on FuseGuard
- Determining Which Cumulative Hotfixes are Installed on ColdFusion
- Adding Two Factor Authentication to ColdFusion Administrator
- ColdFusion Developer Week at Adobe.com
- Bug Loading Scripts for CFFileUpload and CFMediaPlayer
