Participant
August 29, 2018
Question

Veracode Scan and Vulnerability Testing


We are tightening our sites against cross scripting attacks and so forth and used Veracode to scan our source code and it came back with some items to address that are in the CFIDE/scripts directory, such as cfajax.js and ext-all-debug.js to name a few. It did not like the eval() commands in there according to the report.

Has anyone else come across this and did you do anything to remedy it?

Our code for the most part is fine but CFIDE had a lot of files this scanner listed as severe items vulnerable to attacks so just wondering if anyone else has had to deal with this and how.

We are using CF11 with all the latest updates on a Windows server.


    pete_freitag
    Participating Frequently
    August 31, 2018

    You can configure your web server to block those files if your application does not use them.
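
Before blocking, it helps to confirm which files under /CFIDE/scripts the application actually serves to browsers. The following is an added example, not part of the original thread or of the reply above; it assumes the Windows server runs IIS with W3C extended logging, and the log lines, paths and host name in it are constructed for illustration.

```python
# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs(Referer) sc-status
2018-08-30 10:00:01 GET /index.cfm - 200
2018-08-30 10:00:02 GET /CFIDE/scripts/ajax/package/cfajax.js http://intranet.example/orders.cfm 200
2018-08-30 10:00:02 GET /cfide/scripts/ajax/ext/ext-all.js http://intranet.example/orders.cfm 304
2018-08-30 10:05:40 GET /CFIDE/scripts/ajax/ext/ext-all-debug.js - 404
2018-08-30 10:06:11 GET /CFIDE/scripts/cfform.js http://intranet.example/signup.cfm 200
2018-08-30 10:07:00 GET /CFIDE/administrator/index.cfm - 403
"""

PREFIX = "/cfide/scripts/"  # compared in lower case: IIS paths are case-insensitive


def cfide_script_usage(log_text, prefix=PREFIX):
    """Return {path: {"served": n, "referers": set}} for requests under prefix."""
    fields, usage = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "").lower()
        if not path.startswith(prefix):
            continue
        entry = usage.setdefault(path, {"served": 0, "referers": set()})
        status = row.get("sc-status", "")
        # Only 2xx/304 means a page really received the file; 403/404 do not.
        if status.startswith("2") or status == "304":
            entry["served"] += 1
            referer = row.get("cs(Referer)", "-")
            if referer != "-":
                entry["referers"].add(referer)
    return usage


def in_use(usage):
    """Paths that were successfully served at least once."""
    return sorted(p for p, e in usage.items() if e["served"] > 0)


if __name__ == "__main__":
    report = cfide_script_usage(SAMPLE_LOG)
    for path in in_use(report):
        print(path, report[path]["served"], sorted(report[path]["referers"]))
```

Files that never appear as served over a representative log period are candidates for blocking at the web server; files that do appear list the referring pages to review first.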