Veracode Scan and Vulnerability Testing

New Here, Aug 29, 2018

We are tightening our sites against cross scripting attacks and so forth and used Veracode to scan our source code and it came back with some items to address that are in the CFIDE/scripts directory, such as cfajax.js and ext-all-debug.js to name a few.  It did not like the eval() commands in there according to the report.

Has anyone else come across this, and did you do anything to remedy it?

Our code for the most part is fine but CFIDE had a lot of files this scanner listed as severe items vulnerable to attacks so just wondering if anyone else has had to deal with this and how.

We are using CF11 with all the latest updates on a Windows server.

Enthusiast, Aug 31, 2018

You can configure your web server to block those files if your application does not use them.

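The reply above makes blocking conditional on the application not using those files. One way to check that first is to scan the application's CFML source for anything that pulls script from /CFIDE/scripts. This is an added example, not part of the thread or of ColdFusion itself; the tag list is an assumed, non-exhaustive set, and the sample page is constructed.

```python
import re
from pathlib import Path

# Assumed, non-exhaustive list of CFML tags whose generated markup loads
# client script from the ScriptSrc directory (/CFIDE/scripts by default).
SCRIPT_TAGS = (
    "cfajaxproxy", "cfajaximport", "cfform", "cfgrid", "cfwindow", "cfdiv",
    "cflayout", "cfpod", "cfmenu", "cftooltip", "cfmap", "cfmediaplayer",
    "cfprogressbar", "cfslider", "cffileupload", "cfmessagebox",
)
TAG_RE = re.compile(r"<\s*(%s)\b" % "|".join(SCRIPT_TAGS), re.IGNORECASE)
PATH_RE = re.compile(r"/CFIDE/scripts/[\w./-]*", re.IGNORECASE)
COMMENT_RE = re.compile(r"<!---.*?--->", re.DOTALL)  # nested comments not handled


def find_dependencies(text):
    """Return (line_no, kind, match) for each /CFIDE/scripts dependency found."""
    # Blank out CFML comments but keep their newlines so line numbers stay right.
    text = COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), text)
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        hits += [(no, "tag", m.group(1).lower()) for m in TAG_RE.finditer(line)]
        hits += [(no, "path", m.group(0)) for m in PATH_RE.finditer(line)]
    return hits


def scan_tree(root, exts=(".cfm", ".cfc", ".cfml")):
    """Scan every CFML file under root; return {path: hits} for files with hits."""
    report = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in exts:
            hits = find_dependencies(p.read_text(errors="replace"))
            if hits:
                report[str(p)] = hits
    return report


# Constructed sample page (not from the thread).
SAMPLE = """<!--- <cfwindow name="old"> retired --->
<cfform action="save.cfm">
  <cfinput type="text" name="q">
</cfform>
<script src="/CFIDE/scripts/cfajax.js"></script>"""

if __name__ == "__main__":
    for no, kind, match in find_dependencies(SAMPLE):
        print(f"line {no}: {kind} {match}")
```

An empty report from `scan_tree` over the whole web root is the signal that the directory can be blocked at the web server; any hit names the file and line to review first.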