Adobe Releases Hotfix for FCKEditor Security Issue

Jul 08, by Mike Fleming at 3:45 pm


Adobe has just released the hotfix for the FCKEditor security issue. You can read about and download the hotfix directly from Adobe.

A summary of the potential exploit taken from the Adobe security bulletin:

A vulnerability in FCKEditor, which is included as part of ColdFusion 8, could allow a remote attacker to upload files in arbitrary directories which could lead to a system compromise. This hotfix updates the version of FCKEditor included with ColdFusion 8, turns off file upload capabilities by default, restricts access to cfm files in the FCKeditor\editor\filemanager directory, and limits file upload capabilities to users with valid sessions. This issue is remotely exploitable. There are reports that this issue is being exploited in the wild.

