Cold Fusion Hole -- Still Not Fixed
The security bug in Cold Fusion is hardly news -- it was released to the correct circles ages ago, and a bug fix was released soon thereafter. The hole in Cold Fusion allows users to upload, download, delete and even run things on a CF server. But the Cold Fusion bug is still being exploited across the Web.
Why has it taken so long for the bug fix to be implemented across the Web -- or at least at the major sites? Companies like IBM and Computer Solutions found themselves with their pants down. All in all, about a hundred sites became victims of the Cold Fusion bug after the patch was released.
All that this means is that people (and companies) have to implement bug fixes immediately. In other words, the word has to get out better. Email alerts and CERT apparently aren't doing enough.
What can we do? I'm not sure. But something has to be done. It's absolutely ridiculous that sites are still vulnerable after a patch has been available for weeks.