By George Norman - Software News Editor
Added on 06 Jul 2009




Adobe, the California-based company that specializes in multimedia and creativity software, has announced that it is aware of a security vulnerability in ColdFusion, the commercial Rapid Application Development platform that was launched back in ’95. More precisely, Adobe has warned that websites built with ColdFusion may be compromised through a vulnerability in FCKEditor.

“Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week,” explained David Leone, on behalf of the Adobe Product Security Incident Team (PSIRT).


There are some preventive measures you can take to keep your ColdFusion site from being compromised:
1. Disable connectors: set config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Under the editor/filemanager/connectors/cfm directory of FCKEditor, remove unused cfm files.
3. Inspect FCKEditor for content that has already been uploaded.
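
The three measures above can be checked with a short audit script. This is an added example, not code from Adobe or from the original article; it assumes the setting appears in config.cfm as a `config.enabled = ...` assignment, and the `userfiles` upload directory, the sample file names and the extension list are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

CONNECTOR_DIR = Path("editor/filemanager/connectors/cfm")   # path given in the advisory
SCRIPT_EXTS = {".cfm", ".cfml", ".cfc", ".asp", ".aspx"}    # assumed list; match your server's handlers
ENABLED_RE = re.compile(r"config\.enabled\s*=\s*[\"']?(\w+)", re.IGNORECASE)

def connector_enabled(fck_root):
    """Step 1: True/False for config.Enabled, None if config.cfm or the setting is absent."""
    cfg = Path(fck_root) / CONNECTOR_DIR / "config.cfm"
    if not cfg.is_file():
        return None
    # Drop // comments so a commented-out assignment is not mistaken for the live one.
    code = "\n".join(line.split("//")[0] for line in cfg.read_text(errors="replace").splitlines())
    values = ENABLED_RE.findall(code)
    return values[-1].lower() in ("true", "yes", "1") if values else None

def connector_files(fck_root):
    """Step 2: .cfm files present in the connector directory, for review and removal."""
    d = Path(fck_root) / CONNECTOR_DIR
    return sorted(p.name for p in d.glob("*.cfm")) if d.is_dir() else []

def suspicious_uploads(upload_dir):
    """Step 3: uploaded files with a script extension anywhere in the name (e.g. x.cfm.jpg)."""
    root = Path(upload_dir)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and any(s.lower() in SCRIPT_EXTS for s in p.suffixes))

def demo():
    """Run the three checks against a constructed directory tree (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        fck, uploads = Path(tmp) / "fckeditor", Path(tmp) / "userfiles"
        (fck / CONNECTOR_DIR).mkdir(parents=True)
        (uploads / "image").mkdir(parents=True)
        (fck / CONNECTOR_DIR / "config.cfm").write_text(
            "<cfscript>\n// config.enabled = false;\nconfig.enabled = true;\n</cfscript>\n")
        (fck / CONNECTOR_DIR / "upload.cfm").write_text("")
        for name in ("image/logo.png", "image/notes.cfm", "image/pic.asp.jpg"):
            (uploads / name).write_text("")
        return connector_enabled(fck), connector_files(fck), suspicious_uploads(uploads)

if __name__ == "__main__":
    enabled, files, hits = demo()
    print("connector enabled:", enabled)
    print("connector files:", files)
    print("uploads to inspect:", hits)
```

Point the three functions at the real FCKEditor directory and its upload location on the server; a `True` from the first check or any entry from the third needs follow-up.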

According to the security experts at the SANS Institute's Internet Storm Center, numerous websites have already been compromised via this ColdFusion vulnerability. SANS also states that the people behind these recently detected attacks may be the same ones who carried out similar attacks back in March, or may at least be connected to them.

“There have been a high number of Cold Fusion web sites being compromised. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. What's interesting is that the group behind this is probably connected (if not the same) as the group that performed a lot of similar attacks back in March,” explained SANS.







Tags: Adobe, ColdFusion, Security, Vulnerability
