Hackers take aim at Cold Fusion

Powered by SC Magazine
 

Attacks target flaws in development tool.

A new wave of web attacks is targeting web applications written with the ColdFusion development tool.

Researchers with security group SANS said that the company has received multiple reports of attacks which target vulnerabilities in older versions of the ColdFusion development application.

The attacks are said to target two components in ColdFusion applications, the FCKEditor text editing tool and the CKFinder file management tool. Once an application is compromised, the attackers can take complete control over the targeted server.

"The attacks we've been seeing in the wild end up with inserted tags into documents on compromised web sites," wrote SANS researcher Bojan Zdrnja in a blog posting.

"As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients."

Administrators are advised to make sure that all applications are fully updated and patched. SANS is also advising admins to search their web servers for any forgotten or discarded ColdFusion applications which may be vulnerable to attack.

Copyright ©v3.co.uk


Hackers take aim at Cold Fusion
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1030

Vote