Trustwave SpiderLabs published a new advisory yesterday for a reflected cross-site scripting (XSS) vulnerability discovered in Coldbox, which is developed by Ortus Solutions. Coldbox is a ColdFusion development platform used by organizations to build applications and websites. Exploitation requires debug mode to be enabled, because the unsanitized request parameters are rendered in the debug panel. Coldbox versions prior to V3.6.0 are affected by this vulnerability.
Piotr Duszynski of Trustwave SpiderLabs discovered this vulnerability during a penetration-test engagement. We reached out to Ortus Solutions; the vendor acknowledged the security issue and published a fix in version V3.6.0. The latest version of the software is available at http://www.coldbox.org/download
In addition to upgrading, this vulnerability can be mitigated by deploying a Web Application Firewall (WAF), such as ModSecurity or WebDefend, as a compensating control until the fixed version is in place.
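The defect class the advisory describes, shown as an added illustrative example (this is not ColdBox's own debug-panel code, and the parameter loop is an assumption about how such a panel is built): a debug view that reflects request parameters into HTML, first unencoded and then with output encoding applied.

```cfml
<!--- Constructed example, not ColdBox source. It models a debug panel that
      dumps the URL scope back to the browser, the pattern behind a reflected
      XSS: whatever a visitor puts in the query string lands in the page. --->

<!--- VULNERABLE: parameter names and values are written into the HTML as-is,
      so a crafted query string becomes markup/script in the response. --->
<cfoutput>
<h3>Request parameters (debug)</h3>
<table>
<cfloop collection="#url#" item="key">
  <tr><td>#key#</td><td>#url[key]#</td></tr>
</cfloop>
</table>
</cfoutput>

<!--- HARDENED: every reflected value is HTML-entity encoded before rendering.
      encodeForHTML() is the ESAPI-backed encoder built into ColdFusion 10+;
      htmlEditFormat() is the older equivalent on earlier engines. --->
<cfoutput>
<h3>Request parameters (debug)</h3>
<table>
<cfloop collection="#url#" item="key">
  <tr><td>#encodeForHTML(key)#</td><td>#encodeForHTML(url[key])#</td></tr>
</cfloop>
</table>
</cfoutput>
```

Output encoding removes the defect itself; keeping debug mode disabled outside development removes the exposed panel entirely, which is why the advisory lists debug mode as a precondition.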