
Java 1.7.0_40+ or 1.8+ attempt to mitigate null byte injection attacks. JVM Vulnerable to Java Null Byte Injection - The JVM that you are running is vulnerable to null byte injections (or null byte poisoning) in java.io file operations. Apply the hotfix located in Adobe Security Notice apsb11-29. Cross Site Scripting Vulnerability CVE-2011-4368 - CVE-2011-4368 detected.
Git Hidden Directory Exposed - A request for /.git/config appears to resolve to a git repository, which could lead to source code disclosure. This hotfix also contains most prior security hotfixes. Security Hotfix APSB11-04 Not Installed - The security hotfix referenced in Adobe Security Bulletin APSB11-04 was not found to be installed on your server. TLS Compression Supported - TLS Compression should be disabled due to the CRIME TLS vulnerability.
For CF2018 make sure you have applied the post installation AJP connector configuration step mentioned in CF2018 Update 8. These issues are resolved by installing ColdFusion 2021 Update 3 or later or ColdFusion 2018 Update 13 or later. This hotfix resolves a critical remote code execution vulnerability (CVE-2021-44228) and another important issue CVE-2021-45046.
Log4Shell Security Hotfix CF2021u3 / CF2018u13 - The ColdFusion Log4Shell / log4j Security Hotfix was not found to be installed on your server.
Follow the instructions in APSB10-04 to remedy, or upgrade to ColdFusion 9.0.1. Any data in solr search collections may be exposed to the public. ColdFusion 9 Apache Solr services are exposed to the public.
Solr Search Service Exposed - CVE-2010-0185 detected. Svn Hidden Directory Exposed - A request for /.svn/text-base/-base appears to resolve to a subversion repository, which could lead to source code disclosure. ColdFusion Example Applications Installed - The ColdFusion example applications are installed at /cfdocs/exampleapps/ or /CFIDE/gettingstarted/; they should not be installed on a production server. The issues are resolved in ColdFusion 11 Update 13+ and ColdFusion 2016 Update 5+ with Java 8 update 121 or greater. For the hotfix to be effective you must have Java 8 update 121 or greater installed. Security Hotfix APSB17-30 Not Installed Or Partially Installed - The security hotfix referenced in Adobe Security Bulletin APSB17-30 was not found to be fully installed on your server. This hotfix resolves a sandbox permission issue. Security Hotfix APSB12-26 Not Installed - The security hotfix referenced in Adobe Security Bulletin APSB12-26 was not found to be installed on your server. OpenBD AdminAPI Exposed to the Public - The /bluedragon/adminapi/ directory is open to the public; it should be locked down to prevent exploitation.
Heartbleed Vulnerability Detected - The Heartbleed vulnerability is a bug in OpenSSL (the crypto library used by Apache, Nginx, and others) that can allow the leakage of private keys used for TLS/SSL encryption. Executable found in CFIDE - Found executable file(s) in /CFIDE with one of the following file extensions: dll, exe, bat, sh. XSS Injection in cfform.js - A document.write call was found in your /CFIDE/scripts/cfform.js file; an attacker may be injecting JavaScript, please check your cfform.js file. Railo Security Issue 2635 - Input of Chr(0) to the ReplaceList function can cause an infinite loop / crash. Hotfix APSB11-14 Not Installed - Apply the hotfixes located in Adobe Security Notice apsb11-14.
Look for /CFIDE/m /CFIDE/m32 /CFIDE/m64 and /CFIDE/updates.cfm among others.
Bitcoin Miner Discovered - Found files in /CFIDE that match the signature of a bitcoin miner exploit. The only URI that should be served is /jakarta/isapi_redirect.dll - you can use Request Filtering to block. Jakarta Virtual Directory Exposed - The /jakarta virtual directory (which is required by CF10+ on Tomcat/IIS) is serving files such as isapi_redirect.properties or isapi_redirect.log.