6 Replies Latest reply on Mar 14, 2014 9:18 AM by ACS LLC

    Fixing Security Vulnerabilities in CF8

    ACS LLC Level 1

      I was looking at CF8 server vulnerabilities, such as this one http://www.youtube.com/watch?v=CzXLLZ8ohZU where a user can easily get into the CF admin, add a shell and then basically do what the heck they like on our server.

       

      Can anybody tell me how to make sure that this particular vulnerability has been taken care of? Is it part of a particular service pack? When I say service pack I mean cumulative hot fix, like CHF 4 http://helpx.adobe.com/coldfusion/kb/cumulative-hot-fix-4-coldfusion.html

       

      CHF is just another term for a service pack I guess, and CHF 4 appears to be the last cumulative fix up.

       

      My only concern is that if we had been compromised, even a hotfix would not remove any shells. Although I could not find any, I am not a hacker, and those guys are very good at hiding things.

       

      Ahh... after posting this I then saw the link to security:

      http://helpx.adobe.com/coldfusion/kb/cumulative-hot-fix-4-coldfusion.html#main_Security

       

      It looks like quite a bit of work; no wonder so many people jumped ship from CF.

       

      Appreciate any guidance on this.

       

      Thanks

       

      Mark