Adobe ColdFusion websites being compromised

Article

Adobe ColdFusion websites being compromised

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. is warning users of its ColdFusion application development platform of a vulnerability being actively targeted by attackers to compromise websites.

A zero-day vulnerability in theColdFusion FCKeditor rich text editor enables users to compromise websites and view and edit files, Adobe said in its Adobe Product Security Incident Response Team (PSIRT) blog. The rich text editor is installed with ColdFusion 8. It is also used in earlier versions. A patch is expected to be released next week, Adobe said.

The SANS Internet Storm Center reported last week that attackers have been exploiting websites which have older installations of some ColdFusion applications.

"The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server," wrote Bojan Zdrnja, a SANS ISC handler.

Zdrnja said a common application that has been seen in attacks is CFWebstore, a popular e-commerce application for ColdFusion.

The application development platform was acquired by Adobe in 2005. It is used in many websites that use rich forms to collect and share data. It supports Ajax applications and frameworks and integrates with dynamic PDF documents. Popular websites run by Simon & Schuster Inc., Crayola LLC and FAO Schwarz Inc. are run using ColdFusion.

The software maker issued a workaround until a fix is released.

  • Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
  • Remove unused cfm files under editor/filemanager/connectors/cfm directory of the FCKeditor.
  • Inspect FCKeditor directories for content that has already been uploaded. The uploaded files go under the directory specified in the config.UserFilesPath set in config.cfm.