Scottish ColdFusion User Group
Re: [SCFUG] file upload vulnerability in CF801

Stephen Moretti <stephen.more...@gmail.com>

Just so you are aware, it's not a ColdFusion vulnerability. It's a general
FCKEditor vulnerability, regardless of middleware that it sits on.

2009/7/3 Gareth Cole <gareth.c...@esus.ie>

> Hi Folks,

> Just in case you haven't seen this yet, there's a security vulnerability in
> the CF801 updater:

> http://www.theregister.co.uk/2009/07/03/coldfusion_compromise/

> Some genius at Adobe decided to enable file uploads by default in the
> embedded fckeditor. Unfortunately, this allows hackers to upload any files
> they want on to your system, and take control of your server.

> The link has full details and remedy.

--
Stephen Moretti
Blog : http://nil.checksite.co.uk/
Twitter : http://twitter.com/mr_nil
EE: http://beta.experts-exchange.com/M_1167123.html