Abobe systems has recently warned that sites based on ColdFusion can be easily attacke%tagsd through a recent vulnerability spotted in its FCKEditor Rich Text Editor which is embedded in ColdFusion 8.

It seems hackers have “actively” responded to the leak and are trying to exploit it to the maximum. There have been reports of the attacks with CFWebstore (a popular eCommerce application for ColdFusion) being attacked so if you are a “happy customer” of CFWebstore then be aware!

 

Where they Attack?

Any ColdFusion application that have FCKEditor or CKFinder installed (which COMES embedded with ColdFusion 8 and later).

How they Attack?

The vulnerable installations of FCKEditor and/or CKFInder allows hackers to upload their own ASP scripts or ColdFusion shells which may contain anything and this is how they might also take control of the server!

How to Protect?

Adobe Security Response team has issued a temporary fix (which might not work in cases) and a patch is expected within a week:

  • Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
  • Remove unused cfm files under editor/filemanager/connectors/cfm directory of the FCKeditor.
  • Inspect FCKeditor directories for content that has already been uploaded. The uploaded files go under the directory specified in the config.UserFilesPath set in config.cfm.
Like this article? Subscribe to our feeds for more interesting and original technology updates. Click here to get updates via email. You can also join our Facebook fan page