Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A new wave of web attacks is targeting web applications written with the ColdFusion development tool.Researchers with security group SANS said that the company has received multiple reports of attacks which target vulnerabilities in older versions of the ColdFusion development application.The attacks are said to target two components in ColdFusion applications, the FCKEditor text editing tool and the CKFinder file management tool. Once an application is compromised, the attackers can take complete control over the targeted server."The attacks we've been seeing in the wild end up with inserted<script > tags into documents on compromised web sites," wrote SANS researcher Bojan Zdrnja in a blog posting.
"As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients."
Administrators are advised to make sure that all applications are fully updated and patched. SANS is also advising admins to search their web servers for any forgotten or discarded ColdFusion applications which may be vulnerable to attack.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.