The 'bboard' servlet is installed in
/servlet/sunexamples.BBoardServlet. This servlet has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).
Solution : remove it.
Risk factor : Serious
CVE : CAN-2000-0629
BID : 1459
-----Original Message-----
From: Mike Townend [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 10:50
To: CF-Server
Subject: RE: /servlet/
We'd like some info on this too, when we do a nessus check we get the
following vulnrabilities
Nessus scan revealed the following Vulnerabilities,
server setup
TYAN S2466
1Gb ECC Memory
Debian Linux (testing)
apache2-mpm-worker 2.0.48-7
ColdFusion 6.1
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876�
ServletExec has a servlet called 'UploadServlet' in its server
side classes. UploadServlet, when invokable, allows an
attacker to upload any file to any directory on the server. The
uploaded file may have code that can later be executed on the
server, leading to remote command execution.
Solution : Remove it
Risk factor : Serious
CVE : CVE-2000-1024
BID : 1876�
-----Original Message-----
From: Steve K [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 19:15
To: CF-Server
Subject: /servlet/
We are running CFMX on 2003web and if you hit www.domainname.com/servlet you
get a generic cf error even though this directory is not there. Is there a
way to disable this undocumented feature in MX so iis will return a 404.
Steve
_____
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
