Adobe Warns of ColdFusion Vulnerability

Article by George Norman (Cybersecurity Editor)

on 06 Jul 2009

Adobe, the California-based company that specializes in creating multimedia and creativity software products, has announced that it is aware of a security vulnerability in ColdFusion, the commercial Rapid Application Development platform that was launched back in ’95. To be more precise, Adobe has warned that websites built with ColdFusion may be compromised through a vulnerability in FCKEditor.

“Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week,” explained David Lenoe, on behalf of the Adobe Product Security Incident Team (PSIRT).

You can take the following preventive measures to keep your ColdFusion site from being compromised:
1. Disable connectors: set config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Under the editor/filemanager/connectors/cfm directory of FCKEditor, remove unused cfm files.
3. Inspect FCKEditor for content that has already been uploaded.
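
The three checks above can be scripted. The following audit is an added example, not code from Adobe or from the original article. It assumes the setting appears as a CFML assignment such as `Config.Enabled = true ;`, that the upload directory is passed in by the administrator, and that the extension variants beyond ASP and ColdFusion pages are worth flagging; the sample tree it builds is constructed.

```python
import re
import tempfile
from pathlib import Path

CONNECTOR_DIR = Path("editor/filemanager/connectors/cfm")  # path given in the advisory
# Assumption: the setting is a CFML assignment such as `Config.Enabled = true ;`
ENABLED_RE = re.compile(r"config\.enabled\s*=\s*[\"']?(\w+)", re.IGNORECASE)
# ASP and ColdFusion script types (from the SANS report); the variants are assumptions
SCRIPT_EXTS = {".cfm", ".cfml", ".cfc", ".asp", ".aspx"}


def audit(fck_root, upload_dir):
    """Check one FCKEditor install against the three mitigation steps."""
    conn = Path(fck_root) / CONNECTOR_DIR
    upload_dir = Path(upload_dir)
    result = {"connector_enabled": False, "connector_files": [], "uploaded_scripts": []}
    cfg = conn / "config.cfm"
    if cfg.is_file():
        # Step 1: drop // comments, then let the last assignment win, as at runtime
        code = re.sub(r"//[^\n]*", "", cfg.read_text(errors="replace"))
        values = ENABLED_RE.findall(code)
        result["connector_enabled"] = bool(values) and values[-1].lower() in {"true", "yes", "1"}
    if conn.is_dir():
        # Step 2: list every .cfm in the connector directory so unused ones can be removed
        result["connector_files"] = sorted(p.name for p in conn.glob("*.cfm"))
    if upload_dir.is_dir():
        # Step 3: server-side scripts do not belong in an upload directory
        result["uploaded_scripts"] = sorted(
            p.relative_to(upload_dir).as_posix() for p in upload_dir.rglob("*")
            if p.is_file() and p.suffix.lower() in SCRIPT_EXTS)
    return result


def build_sample(root):
    """Constructed sample tree: enabled connector, two connector files, one stray script."""
    conn = Path(root) / "fckeditor" / CONNECTOR_DIR
    uploads = Path(root) / "userfiles" / "image"
    conn.mkdir(parents=True)
    uploads.mkdir(parents=True)
    (conn / "config.cfm").write_text(
        "<cfscript>\n// Config.Enabled = false ;\nConfig.Enabled = true ;\n</cfscript>\n")
    (conn / "connector.cfm").write_text("")
    (conn / "upload.cfm").write_text("")
    (uploads / "logo.png").write_bytes(b"")
    (uploads / "x.CFM").write_text("")
    return Path(root) / "fckeditor", Path(root) / "userfiles"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_sample(tmp)))
```

Any entry in `uploaded_scripts` should be treated as a possible web shell and preserved for investigation before it is removed.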

According to the security experts and watchers at the SANS Institute's Internet Storm Center, numerous web pages have already been compromised via this ColdFusion vulnerability. SANS also states that the people behind these recently detected attacks may be the same ones that carried out similar attacks back in March, or at least may be connected to them.

“There have been a high number of Cold Fusion web sites being compromised. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. What's interesting is that the group behind this is probably connected (if not the same) as the group that performed a lot of similar attacks back in March,” explained SANS.

