Hotfix for CF8 FCKeditor Vulnerability Released
July 08, 2009
Adobe has just released a security hotfix for the FCKeditor vulnerability in ColdFusion 8.
Also of note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.
Tags: security, cffile, upload, fckeditor, vulnerability, coldfusion
Related Entries
- ColdFusion 8 FCKeditor Vulnerability - July 3, 2009
- Risks of FCKeditor Vulnerability in CF8 - July 6, 2009
- FCKeditor Access Denied - October 15, 2009
- ColdFusion Security Hotfixes Released - August 18, 2009
- Tips for Secure File Uploads with ColdFusion - June 24, 2009
Comments
On 09/28/2009 at 2:41:12 PM EDT Paul Dynan wrote:
Just a heads up to anyone applying this one:
1) The .jar file comes down as a .zip file. Just change the extension.
2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login box whenever I tried to use cftextarea.
Turns out the cftextarea.js file had the FTP folder privileges, and it required more privileges to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.







