Adobe Warns of ColdFusion Vulnerability
Adobe, the California-based company that specializes in creating multimedia and creativity software products, has announced that it is aware of a security vulnerability in ColdFusion, the commercial Rapid Application Development platform that was launched back in ’95. To be more precise Adobe has warned that web pages that have been set up with ColdFusion may become compromised due to a vulnerability in FCKEditor.
“Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week,” explained David Lenoe, on behalf of the Adobe Product Security Incident Team (PSIRT).
There are some preventive security measures that you can employ to prevent your ColdFusion site from being compromised:
1. Disable connectors: set config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Under editor/filemanager/connectors/cfm directory of the FCKEditor, remove unused cfm files.
3. Inspect FCKEditor for content that has already been uploaded.
According to the security experts and watchers at SANS Institute's Internet Storm Centre, numerous web pages have already been compromised via this ColdFusion vulnerability. SANS also states that the people behind these recently detected attacks may be the same ones that pulled similar attacks back in March – or at least they might be connected to them.
“There have been a high number of Cold Fusion web sites being compromised. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. What's interesting is that the group behind this is probably connected (if not the same) as the group that performed a lot of similar attacks back in March,” explained SANS.
Tags: Adobe, ColdFusion, Security, Vulnerability
“Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week,” explained David Lenoe, on behalf of the Adobe Product Security Incident Team (PSIRT).
Advertising
There are some preventive security measures that you can employ to prevent your ColdFusion site from being compromised:
1. Disable connectors: set config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Under editor/filemanager/connectors/cfm directory of the FCKEditor, remove unused cfm files.
3. Inspect FCKEditor for content that has already been uploaded.
According to the security experts and watchers at SANS Institute's Internet Storm Centre, numerous web pages have already been compromised via this ColdFusion vulnerability. SANS also states that the people behind these recently detected attacks may be the same ones that pulled similar attacks back in March – or at least they might be connected to them.
“There have been a high number of Cold Fusion web sites being compromised. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. What's interesting is that the group behind this is probably connected (if not the same) as the group that performed a lot of similar attacks back in March,” explained SANS.
Tags: Adobe, ColdFusion, Security, Vulnerability
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 09 Feb 2012
Redmond-based software giant Microsoft is giving all US residents the chance to win a Pink Sony VAIO Y laptop (ARV $6,000) as part of a Valentine’s Day Sweepstakes
By George Norman on 09 Feb 2012
The latest stable version of Google Chrome web browser is v. 17.0 which was rolled out to the public on Wednesday, the 8th of February, one day after the release of Chrome for Android Beta 1Related News
By George Norman on 09 Sep 2011
Adobe, California-based company that specializes in creating multimedia and creativity software products supports its products for a time period of five years. The company announced yesterday
By George Norman on 05 Jan 2012
This is proof that there are a lot of threats on the web and the perfect example of why you should use a properly good security solution to secure your data against viruses and other malware
By George Norman on 17 Nov 2011
We all know that the internet is a dangerous place. There are all sorts of nasties out there, from viruses and worms to scammers and cyber criminals. As a parent, it is your task to make sure that your children stay safe online. This means you have to
By George Norman on 28 Nov 2011
Back in August we were reporting that Avast has a grand total of 160 million registered Avast! Free Antivirus Users. Fabricia from Brazil, the 160 millionth user to register the free antivirus product was rewarded withAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Adobe Warns of ColdFusion Vulnerability
HTML Linking Code
HTML Linking Code