Example Free Email Report

Is Your ColdFusion Server Secure?

We've helped secure over 7600 ColdFusion servers.

Server Domain:
Email:
I agree to the Terms of Service & Privacy Policy


We ask for your email in order to avoid malicious use of this tool. The report is sent to the email you provide.

What are the top ColdFusion Experts Saying About Hack My CF?

How Does it Work?

We make a series of requests to your web site looking for the absence of security hotfixes. This tool will place a very small amount of load on your server. None of the requests we make will compromise your server.

Also be sure to check out our paid subscription plans for automated scanning (daily, weekly, monthly) and more features.

What Can it find?

We can detect the absence of several security hotfixes, and insecure configuration settings. Here are some of the things we can detect:

• ColdFusion 9.0.1 and Below Path Traversal Vulnerability (APSB10-18, CVE-2010-2861)
• ColdFusion 9 Solr Service Exposed (APSB10-04, CVE-2010-0185)
• ColdFusion 9, 8, 7 BlaseDS XML External Entity Injection Vulnerability (CVE-2009-3960, APSB10-05)
• ColdFusion 8 FCKeditor Vulnerability (APSB09-09, CVE-2009-2265)
• Apache Double Encoded Null Byte Vulnerability (APSB09-12, CVE-2009-1876)
• Cross Site Scripting Vulnerabilities (APSB09-09, CVE-2009-1877 and CVE-2009-1872)
• And More

Check back as we are always looking to add more detectors.

Who built this site?

This site was built by Foundeo Inc., a Consulting & Products company specializing in ColdFusion Security.

Foundeo also sells a Web Application Firewall for ColdFusion providing an added layer of protection for your ColdFusion applications. It helps protect your ColdFusion applications from Cross Site Scripting, SQL Injection, and more.

Need Help Securing your Server?

Contact Foundeo Inc. We can help you apply the necessary ColdFusion hotfixes, configure the ColdFusion administrator, and more.