

XSS Injection in cfform.js - A document.write call was found in your /CFIDE/scripts/cfform.js file. An attacker may be injecting JavaScript; please check your cfform.js file.

Railo Security Issue 2635 - Input of Chr(0) to the ReplaceList function can cause an infinite loop / crash.

For CF2018, make sure you have applied the post-installation AJP connector configuration step mentioned in CF2018 Update 8. These issues are resolved in ColdFusion 2021 Update 5 or later, ColdFusion 2018 Update 15 or later. This hotfix addresses 6 critical, 6 important, and one moderate severity level issues.

Security Hotfix APSB22-44 Not Installed - The security hotfix referenced in Adobe Security Bulletin APSB22-44 was not found to be installed on your server.

Hotfix APSB11-14 Not Installed - Apply the hotfixes located in Adobe Security Notice apsb11-14.

Look for /CFIDE/m, /CFIDE/m32, /CFIDE/m64 and /CFIDE/updates.cfm, among others.

Bitcoin Miner Discovered - Found files in /CFIDE that match the signature of a bitcoin miner exploit.

The only URI that should be served is /jakarta/isapi_redirect.dll - you can use Request Filtering to block.

Jakarta Virtual Directory Exposed - The /jakarta virtual directory (which is required by CF10+ on Tomcat/IIS) is serving files such as isapi_redirect.properties or isapi_redirect.log.

Sign up for our Automated ColdFusion Security Scanning Service to stay up to date.
