Adobe Warns of ColdFusion Vulnerability
Article by George Norman
On 06 Jul 2009
Adobe, the California-based company that specializes in creating multimedia and creativity software products, has announced that it is aware of a security vulnerability in ColdFusion, the commercial Rapid Application Development platform that was launched back in ’95. To be more precise Adobe has warned that web pages that have been set up with ColdFusion may become compromised due to a vulnerability in FCKEditor.

“Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week,” explained David Lenoe, on behalf of the Adobe Product Security Incident Team (PSIRT).


There are some preventive security measures that you can employ to prevent your ColdFusion site from being compromised:
1. Disable connectors: set config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Under editor/filemanager/connectors/cfm directory of the FCKEditor, remove unused cfm files.
3. Inspect FCKEditor for content that has already been uploaded.

According to the security experts and watchers at SANS Institute's Internet Storm Centre, numerous web pages have already been compromised via this ColdFusion vulnerability. SANS also states that the people behind these recently detected attacks may be the same ones that pulled similar attacks back in March – or at least they might be connected to them.

“There have been a high number of Cold Fusion web sites being compromised. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. What's interesting is that the group behind this is probably connected (if not the same) as the group that performed a lot of similar attacks back in March,” explained SANS.

Tags: Adobe, ColdFusion, Security, Vulnerability
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Adobe Warns of ColdFusion Vulnerability
HTML Linking Code