Adobe Releases Fix for Critical ColdFusion Vulnerability
Article by George Norman
On 09 Jul 2009
Adobe has released a patch for an exploitable vulnerability affecting ColdFusion, Adobe’s commercial Rapid Application Development platform. ColdFusion web sites can be compromised through a vulnerability in FCKEditor, and according to Adobe, the California-based company that specializes in multimedia and creativity software, that is precisely what is happening: the vulnerability is being actively exploited.

“A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild,” explains the security bulletin that Adobe released in response to the ColdFusion vulnerability report.


The following software versions are affected by this vulnerability: ColdFusion 8 and ColdFusion 8.0.1. Adobe advises that all affected ColdFusion customers update to ColdFusion 8.0.1 and then apply the hot fix the company released. This process includes a few simple steps, detailed below:

1. First of all, update to ColdFusion 8.0.1, then download and unzip the hot fix.
2. Open the ColdFusion Administrator and, using the System Information page, apply the hot fix.
3. Back up the /CFIDE/scripts/ajax/FCKeditor folder. Do this outside the webroot.
4. Download this CFIDE.zip file and unzip it. Merge this CFIDE folder with the CFIDE already in place in the webroot. When prompted, overwrite the files in the existing CFIDE folder.
5. Delete these files: cf5_upload.cfm and cf5_connector.cfm. You will find them in cfwebroot\CFIDE\scripts\ajax\FCKeditor\editor\filemanager\connectors\cfm
6. Restart ColdFusion.
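
A way to confirm the result of steps 3 and 5 afterwards, as an added example that is not part of Adobe's bulletin or hot fix: the script walks a webroot and reports any remaining copy of the two deleted connector files, including copies inside a backup that was left under the webroot. The sample tree, the `FCKeditor_backup` folder name and the function names are constructed for illustration.

```python
import os
import sys
import tempfile

# Files the procedure says to delete (step 5) and the folder they live in.
REMOVED = {"cf5_upload.cfm", "cf5_connector.cfm"}
CONNECTOR_DIR = os.path.join("CFIDE", "scripts", "ajax", "FCKeditor",
                             "editor", "filemanager", "connectors", "cfm")

def audit(webroot):
    """Report copies of the removed connectors anywhere under webroot.

    The whole tree is walked, so an FCKeditor backup left inside the webroot
    (contrary to step 3) is reported as well. Names are matched
    case-insensitively, as Windows file systems do.
    """
    in_place, stray = [], []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        for name in files:
            if name.lower() in REMOVED:
                rel = os.path.join(rel_dir, name)
                (in_place if rel_dir.lower() == CONNECTOR_DIR.lower() else stray).append(rel)
    return {"clean": not (in_place or stray),
            "in_connector_dir": sorted(in_place),
            "stray_copies": sorted(stray)}

def make_sample_webroot(root, deleted, backup_in_webroot):
    """Build a constructed sample tree for demonstration (empty placeholder files)."""
    live = os.path.join(root, CONNECTOR_DIR)
    os.makedirs(live)
    open(os.path.join(live, "config.cfm"), "w").close()  # placeholder for a file that stays
    for name in ([] if deleted else sorted(REMOVED)):
        open(os.path.join(live, name), "w").close()
    if backup_in_webroot:  # hypothetical backup folder name, wrongly kept in the webroot
        bak = os.path.join(root, "CFIDE", "scripts", "ajax", "FCKeditor_backup")
        os.makedirs(bak)
        open(os.path.join(bak, "CF5_Upload.cfm"), "w").close()
    return root

if __name__ == "__main__":
    # Pass the real webroot as an argument, or run without one for the sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_webroot(
        tempfile.mkdtemp(), deleted=True, backup_in_webroot=True)
    print(audit(target))
```

A result with `clean` set to false means at least one of the two files is still present under the webroot; `stray_copies` lists those found outside the connector folder.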

“A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This hotfix updates the version of FCKEditor included with ColdFusion 8, turns off file upload capabilities by default, restricts access to cfm files in the FCKeditor\editor\filemanager directory, and limits file upload capabilities to users with valid sessions. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild,” added Adobe.


