Pete FreitagHotfix for CF8 FCKeditor Vulnerability Released
Adobe has just released a security hotfix for the FCKeditor vulnerability in Coldfusion 8.
Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.
Like this? Follow me ↯
Tweet Follow @pfreitagHotfix for CF8 FCKeditor Vulnerability Released was first published on July 08, 2009.
If you like reading about security, cffile, upload, fckeditor, vulnerability, or coldfusion then you might also like:
- ColdFusion 8 FCKeditor Vulnerability
- Risks of FCKeditor Vulnerability in CF8
- FCKeditor Access Denied
- ColdFusion Security Hotfixes Released
- Tips for Secure File Uploads with ColdFusion
- ColdFusion 2020 Developer Week - Securing CF
- Fixinator and Foundeo Security Bundle
- CFSummit 2016 Slides
The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.
Comments
Hey, subtle must be your mildde name. Great post!
by Taron on 05/27/2011 at 5:50:58 PM UTC
1) The .jar file comes down as a .zip file. Just change the extension
2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login bix whenever I tried to use cftextarea.
Turns out the cftextarea.js file had the FTP folder priviliages, and it required more privliages to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.