Home > News > Technology > Security > Hackers take aim at Cold Fusion

Security

Hackers take aim at Cold Fusion

Hackers take aim at Cold Fusion

Related Articles

Top 10 best things about the web

Top 10 worst things about the web

Opinion: Moving beyond Web 2.0

Microsoft begins previews of Office Web Applications

Breaking Stories

Australian Government websites blitzed by DDoS attack

Vividwireless reveals five-city expansion plans

Microsoft denies Windows 7 battery problems

Ex-Intel executive owns up to insider trading

Optus to boost HFC network up to 100 Mbps

By Shaun Nichols

Jul 3, 2009 3:16 PM

Tags: attacks | web | applications | coldfusion | development | sans

Attacks target flaws in development tool.

A new wave of web attacks is targeting web applications written with the ColdFusion development tool.

Researchers with security group SANS said that the company has received multiple reports of attacks which target vulnerabilities in older versions of the ColdFusion development application.

The attacks are said to target two components in ColdFusion applications, the FCKEditor text editing tool and the CKFinder file management tool. Once an application is compromised, the attackers can take complete control over the targeted server.

"The attacks we've been seeing in the wild end up with inserted tags into documents on compromised web sites," wrote SANS researcher Bojan Zdrnja in a blog posting.

"As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients."

Administrators are advised to make sure that all applications are fully updated and patched. SANS is also advising admins to search their web servers for any forgotten or discarded ColdFusion applications which may be vulnerable to attack.

Copyright © 2009 v3.co.uk

Send us your tips

Comments

Be the first to comment on this article.

Thoughts on this article? Add a comment below.

Comment:

Want to participate in the discussion?

Register for FREE

Or log in now to comment

IT Whitepapers

Top Categories

more technology whitepapers »

Latest Technology Jobs

more technology jobs »

Top Stories

TIO website hit by malware

Weekend malware runs one new process per target machine.

Microsoft announces Azure launch date

Australia in second wave of country releases.

CBA embarks on "database-as-a-service"

Analysis: How the bank intends to save megabucks.

Spotlightthe topics we're following

Latest Comments

"The Parliament House site is still down...(12PM)"

on Australian Government websites blitzed by DDoS attack

by scan06disk Feb 10, 2010 12:36 PM

"I only became aware of it when news arose that they were ditching it. Maybe it just wasn't ..."

on Commentary: Think B4 U waste our time and money

by Ace Feb 10, 2010 10:39 AM

"With Optus supposedly boosting this service sounds great, record profits on mobile business ..."

on Optus to boost HFC network up to 100 Mbps

by Johnnnny Feb 10, 2010 9:58 AM

"Digger and JL - the two biggest back-flippers in history. (Or are they they same person ?) Now ..."

on Exetel drops infringement policy after iiNet win

by marklara Feb 10, 2010 9:56 AM

"Once we get past cloud computing, it will be full speed ahead to blue sky computing - although ..."

on Opinion: Webjet brings 'cloud' claims back down to earth

by Ace Feb 10, 2010 9:52 AM

Polls

What is the sweet spot for Apple's entry 16GB Wi-Fi iPad?

$549
$579
$619
$649
$699

| View results

$549

77%

$579

11%

$619

4%

$649

3%

$699

6%

TOTAL VOTES: 389

Vote

view previous polls »