following vulnrabilities
Nessus scan revealed the following Vulnerabilities,
server setup
TYAN S2466
1Gb ECC Memory
Debian Linux (testing)
apache2-mpm-worker 2.0.48-7
ColdFusion 6.1
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876�
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876�
-----Original Message-----
From: Steve K [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 19:15
To: CF-Server
Subject: /servlet/
We are running CFMX on 2003web and if you hit www.domainname.com/servlet you
get a generic cf error even though this directory is not there. Is there a
way to disable this undocumented feature in MX so iis will return a 404.
Steve
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
