Hackers take aim at Cold Fusion

By on
Hackers take aim at Cold Fusion

Attacks target flaws in development tool.

A new wave of web attacks is targeting web applications written with the ColdFusion development tool.

Researchers with security group SANS said that the company has received multiple reports of attacks which target vulnerabilities in older versions of the ColdFusion development application.

The attacks are said to target two components in ColdFusion applications, the FCKEditor text editing tool and the CKFinder file management tool. Once an application is compromised, the attackers can take complete control over the targeted server.

"The attacks we've been seeing in the wild end up with inserted tags into documents on compromised web sites," wrote SANS researcher Bojan Zdrnja in a blog posting.

"As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients."

Administrators are advised to make sure that all applications are fully updated and patched. SANS is also advising admins to search their web servers for any forgotten or discarded ColdFusion applications which may be vulnerable to attack.

Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?