
RE: New CF8 vulnerability

by Dave Watts


I suspect you have an older version of FCKEditor deployed in that case.

Dave Watts, CTO, Fig Leaf Software

-----Original Message-----
From: Adrian Lynch <contact@...>
Sent: Friday, 03 July, 2009 06:46
To: cf-talk <cf-talk@...>
Subject: RE: New CF8 vulnerability


I don't seem to have the same file directory as that posted in the second
link. Instead I have:

\CFIDE\scripts\ajax\FCKeditor\editor\filemanager\upload\cfm\config.cfm

and:

\CFIDE\scripts\ajax\FCKeditor\editor\filemanager\browser\default\connectors\cfm\config.cfm

Both of these files look like they are encrypted.

Am I missing something?

Adrian

> -----Original Message-----
> From: Dave Watts [mailto:dwatts@...]
> Sent: 03 July 2009 00:17
> To: cf-talk
> Subject: New CF8 vulnerability
>
>
> You may want to check for this on any clients/projects you've worked
> with:
> http://isc.sans.org/diary.html?storyid=6715
>
> Remediation steps available here:
> http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
>
>

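A shell check for repeating the file inventory Adrian describes across several servers, so the same two FCKeditor connector paths can be located and their state reported in one pass. This is an added example, not code from the thread, from Adobe or from the FCKeditor project. It assumes (nothing in the thread states this) that the connector is switched off by a line of the form "config.enabled = false" in config.cfm, and that a cfencode-encrypted template starts with the text "Allaire Cold Fusion Template"; an encrypted config.cfm is reported as such rather than guessed at, because its setting cannot be read with grep.

```shell
#!/bin/sh
# Added example, not part of the cf-talk thread. Inventory the FCKeditor
# file-manager connector configs under a CFIDE root and report their state.
#
# Assumptions (not stated in the thread):
#   - the connector is disabled by "config.enabled = false" in config.cfm
#   - a cfencode-encrypted template begins with "Allaire Cold Fusion Template"

# The two relative paths quoted in Adrian's message (backslashes turned
# into forward slashes so the check runs on a Unix host or a file share).
FCK_PATHS="scripts/ajax/FCKeditor/editor/filemanager/upload/cfm/config.cfm
scripts/ajax/FCKeditor/editor/filemanager/browser/default/connectors/cfm/config.cfm"

# audit_fckeditor CFIDE_ROOT
# Prints one line per connector config: MISSING, ENCRYPTED, ENABLED,
# DISABLED or UNKNOWN. Returns 0 only when every config that exists is
# provably disabled; anything that still needs a human look returns 1.
audit_fckeditor() {
    root="$1"
    rc=0
    for rel in $FCK_PATHS; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING   $rel"
            continue
        fi
        if head -c 40 "$f" | grep -q "Allaire Cold Fusion Template"; then
            # cfencode output: the setting cannot be read here, flag it
            echo "ENCRYPTED $rel"
            rc=1
        elif grep -Eiq 'config\.enabled[[:space:]]*=[[:space:]]*false' "$f"; then
            echo "DISABLED  $rel"
        elif grep -Eiq 'config\.enabled[[:space:]]*=[[:space:]]*true' "$f"; then
            echo "ENABLED   $rel"
            rc=1
        else
            # present but no recognisable setting: treat as needing review
            echo "UNKNOWN   $rel"
            rc=1
        fi
    done
    return $rc
}

# Usage: audit_fckeditor /path/to/CFIDE
```

Run it against each server's CFIDE directory; a non-zero exit means at least one connector config is present and not shown to be disabled, which is the case Adrian hit with the encrypted files.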


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324181
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
