VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
VRDA-090706-002
Cold Fusion web sites getting compromised
http://isc.sans.org/diary.html?storyid=6715&rss

It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server.




About This Analysis Information
Analysis Information Provider:
 		JPCERT/CC
 		First Published:
 		2009-07-06
Source Information Category:
 		Other (news, forums, etc.)
 		Last Updated:
 		2009-07-06




Affected Product Tags
cpe:/a:adobe:coldfusion     (Adobe ColdFusion)
 


Vulnerability Analysis Results
[Information Source Reliability] [?]
Low [?]

Medium [?]
X High [?]
[Impact Level] [?]
Low [?]

Low-Medium [?]
X Medium-High [?]
High [?]
[Access Required] [?]
Physical [?]

Local [?]
Non-routed [?]
X Routed [?]
[Authentication] [?]
Privileged [?]

Standard [?]
Limited [?]
X None or Unnecessary [?]
[User Interaction Required] [?]
Complex [?]

Simple [?]
X None [?]
[Technical Difficulty] [?]
High [?]

Medium-High [?]
Low-Medium [?]
Low [?]
[Availability of Remediation] [?]
Official Patch [?]

X Official Workaround [?]
Unofficial Patch [?]
None [?]
[Incident Activity] [?]
None [?]

Exploit or PoC [?]
X Activity Observed [?]
Alternatives




References
Adobe Product Security Incident Response Team (PSIRT) Potential ColdFusion security issue
Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKEditor rich text editor, which is installed with ColdFusion 8.




Copyright © 2009 JPCERT/CC All Rights Reserved.