Quick plug for a site built by Pete Freitag: HackMyCF.com. Pete was one of the people who identified the cross-site scripting vulnerability in ColdFusion 6-8 known as CVE-2009-1877. His tool will run a quick test against your ColdFusion server and email you a report of its findings.
I am posting this because, even if you already applied the hotfix for this issue, it is quite likely you need to reapply it. Adobe updated the hotfix but did not send a notification, so if you were early on the bandwagon fixing this issue, you may find, like I did, that your server was still vulnerable.
Get patched! It’s just unzipping and copying some files so don’t dilly dally…
Jeff said:
on November 9, 2009 at 10:14 pm
Thanks for sharing that. I had not heard of that site before, will have to check it out.