Tim, give this link a try http://practicematch.com/servlet it will do the same thing as our servers
Steve
----- Original Message -----
From: Mike Townend
To: CF-Server
Sent: Thursday, March 25, 2004 5:50 AM
Subject: RE: /servlet/
We'd like some info on this too, when we do a nessus check we get the
following vulnrabilities
Nessus scan revealed the following Vulnerabilities,
server setup
TYAN S2466
1Gb ECC Memory
Debian Linux (testing)
apache2-mpm-worker 2.0.48-7
ColdFusion 6.1
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876?
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876?
-----Original Message-----
From: Steve K [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 19:15
To: CF-Server
Subject: /servlet/
We are running CFMX on 2003web and if you hit www.domainname.com/servlet you
get a generic cf error even though this directory is not there. Is there a
way to disable this undocumented feature in MX so iis will return a 404.
Steve
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
