New attacks target flaws in two components
Shaun Nichols in San Francisco
V3.co.uk, 03 Jul 2009
A new wave of attacks is targeting web applications written with the ColdFusion development tool.
Researchers with security group Sans said that the company has received multiple reports of attacks which target vulnerabilities in older versions of ColdFusion.
The attacks are said to target two components in ColdFusion applications: the FCKEditor text editing tool, and the CKFinder file management tool. Once an application is compromised, the attackers can take complete control of the targeted server.
"The attacks we've been seeing in the wild end up with inserted <script > tags in documents on compromised web sites," wrote Sans researcher Bojan Zdrnja in a blog post.
This one tip will help you sleep better tonight
A few seconds are all you need to get a better night's rest.