Seems to be something with CFLOGIN; however, details are a bit sketchy as to precisely what it is.

Reading it, though, it does sound like the underlying CFML app was so poorly designed that gaining entry to a single user account could let you get into the whole database. So there is something way more fishy going on there. Did they leave a hole through which the remote attacker could execute custom CFML code?

So to answer your question - I can't possibly comment without more details. We do not have any security concerns that we are aware of.




On 16/04/2013 20:03, galvanash wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1387
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1387
http://arstechnica.com/security/2013/04/coldfusion-hack-used-to-steal-hosting-providers-customer-data/

Any way to find out what the actual vulnerability was? Would this affect OpenBD? I can't find any details anywhere...

