Pete FreitagHotfix for CF8 FCKeditor Vulnerability Released
Adobe has just released a security hotfix for the FCKeditor vulnerability in Coldfusion 8.
Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.
Like this? Follow me ↯
Tweet Follow @pfreitagHotfix for CF8 FCKeditor Vulnerability Released was first published on July 08, 2009.
If you like reading about security, cffile, upload, fckeditor, vulnerability, or coldfusion then you might also like:
- ColdFusion 8 FCKeditor Vulnerability
- Risks of FCKeditor Vulnerability in ColdFusion 8
- FCKeditor Access Denied
- ColdFusion Security Hotfixes Released
- Tips for Secure File Uploads with ColdFusion
- Speaking at ColdFusion Summit Online Next Week
- OpenSSL and ColdFusion / Lucee / Tomcat
- ColdFusion Security Training Class December 2022
The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.
Try Fixinator
CFBreak
The weekly newsletter for the CFML Community
Comments
Hey, subtle must be your mildde name. Great post!
by Taron on 05/27/2011 at 5:50:58 PM UTC
1) The .jar file comes down as a .zip file. Just change the extension
2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login bix whenever I tried to use cftextarea.
Turns out the cftextarea.js file had the FTP folder priviliages, and it required more privliages to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.