
Re: New CF8 vulnerability

by Ian Skinner-3


Dave Watts wrote:
> You may want to check for this on any clients/projects you've worked with:
> http://isc.sans.org/diary.html?storyid=6715

How does this exploit actually work?  I presume it is somebody directly
accessing the exposed, vulnerable, exploitable files via
www.yourSite.org/cfide/scripts/something?  Is that correct?  If so, we
may have been lucky enough that our cfide folder is not publicly
available at the moment, but I would like to know more as I present this
up the chain to get remediation steps done on our production servers.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324192