Monday, July 6, 2009

0day in ColdFusion.......Bring Them On!


Adobe has blogged about a severe issue contained in the FCKeditor that is enabled by default in some versions of ColdFusion 8. I have finally met up with this particular attack and am actually excited to receive it. It has been a while since I have worked with customers on a compromise that actually occurred due to the insecurity of their webserver (I'm talking about you, Gumblar).
There has not been a patch released yet, but I am sure that there is one to come.

In the meantime, I have some logs to review and websites to manually test (actual kinda police work again).

If you are running ColdFusion 8, here is a temporary fix to mitigate the issue. I'll put it up nice and PINK too!

1. Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Remove unused cfm files under the editor/filemanager/connectors/cfm directory of the FCKeditor.
3. Inspect the FCKeditor directories for content that has already been uploaded. The uploaded files go under the directory specified by config.UserFilesPath in config.cfm.
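
The three steps above can be checked per install with a short audit script. This is an added example, not code from Adobe or the FCKeditor project. It assumes config.cfm sets values in the form `config.enabled = true;` and `config.userFilesPath = "/userfiles/";`, and that UserFilesPath resolves under the web root; the function name and the extension list are illustrative.

```python
import os
import re
import sys

# Assumed setting syntax in config.cfm (CFML names are case-insensitive):
#   config.enabled = true;    config.userFilesPath = "/userfiles/";
ENABLED_RE = re.compile(r'^\s*config\.enabled\s*=\s*"?(\w+)"?', re.I | re.M)
PATH_RE = re.compile(r'^\s*config\.userFilesPath\s*=\s*"([^"]*)"', re.I | re.M)
# Extensions the server might execute; an assumed list, extend it for your site.
SCRIPT_EXTS = {".cfm", ".cfml", ".cfc", ".jsp", ".jspx", ".asp", ".aspx", ".php"}


def audit(editor_dir, web_root):
    """Check one FCKeditor install against the three mitigation steps."""
    conn_dir = os.path.join(editor_dir, "editor", "filemanager", "connectors", "cfm")
    cfg = os.path.join(conn_dir, "config.cfm")
    with open(cfg, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    enabled = ENABLED_RE.search(text)
    path = PATH_RE.search(text)
    off = bool(enabled) and enabled.group(1).lower() in ("false", "no", "0")
    findings = {
        # Step 1: anything other than an explicit false is treated as enabled.
        "connector_enabled": not off,
        # Step 2: connector templates still on disk besides config.cfm.
        "connector_files": sorted(
            f for f in os.listdir(conn_dir)
            if f.lower().endswith(".cfm") and f.lower() != "config.cfm"),
        "user_files_path": path.group(1) if path else None,
        "uploaded_scripts": [],
    }
    # Step 3: walk the upload directory and flag server-executable files.
    if path:
        upload_root = os.path.join(web_root, path.group(1).strip("/\\"))
        for base, _dirs, files in os.walk(upload_root):
            for name in sorted(files):
                if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                    findings["uploaded_scripts"].append(os.path.join(base, name))
    return findings


if __name__ == "__main__":
    # Usage: python audit_fck.py <fckeditor dir> <web root>
    for key, value in audit(sys.argv[1], sys.argv[2]).items():
        print(f"{key}: {value}")
```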
