Hotfix for CF8 FCKeditor Vulnerability Released

July 08, 2009

Adobe has just released a security hotfix for the FCKeditor vulnerability in Coldfusion 8.

Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.

Permalink | Add Comment |

add to del.icio.us | Tags: security, cffile, upload, fckeditor, vulnerability, coldfusion

Related Entries

ColdFusion 8 FCKeditor Vulnerability - July 3, 2009
Risks of FCKeditor Vulnerability in CF8 - July 6, 2009
FCKeditor Access Denied - October 15, 2009
ColdFusion Security Hotfixes Released - August 18, 2009
Tips for Secure File Uploads with ColdFusion - June 24, 2009

1 person found this page useful, what do you think?

Download FuseGuard WAF for ColdFusion

Comments

Just a head's up to anyone applying this one:
1) The .jar file comes down as a .zip file. Just change the extension

2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login bix whenever I tried to use cftextarea.

Turns out the cftextarea.js file had the FTP folder priviliages, and it required more privliages to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.

by Paul Dynan on 09/28/2009 at 2:41:12 PM UTC