Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations. Security watchers at the SANS Institute's Internet Storm Centre are warning that a "high number" of sites have been hit over the last 36 hours or so. Miscreants are exploiting sites running older installations of …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 3rd July 2009 13:30 GMT Tzael

Misleading article titles

Damnit, where's my free energy?!

0 0
Friday 3rd July 2009 13:30 GMT Seanmon

Cheers el reg.

I shall point to this article next time I'm accused of slacking off reading the papers.

Virtual beer.

0 0
Friday 3rd July 2009 13:32 GMT Nick B (Zeus)

No application firewall?

It strikes me that whether there are known vulnerabilities or not. If you are running an ecommerce site, you should assume that there are, and that people are going to try and exploit them!

The most simple and straightforward solution would be to deploy an application firewall into your infrastructure. With the tick of a checkbox you could then turn on generic protection against this type of problem.

Simples!

0 0
Friday 3rd July 2009 13:32 GMT Mark 18

Epic Fail!

El Wedge has epicly failed at the internets rofl. Link not only spelt wrong but doesn't even go to the right place when spelt right lol.

Codfusion - The for phishing and hacking of coldfusion servers?

0 0
Friday 3rd July 2009 13:32 GMT Anonymous Coward

ColdFusion

The link you provided for the coldfusion vuln is not an official adobe link. You seem to imply that it is. You might have done better to at least mention the site is not the official site for CF. The title is also bunk. Hackers have not done anything. This is an example of using a default config, without hardening the system. No different than saying "hackers crack windows 2008" and then stating that the admins are not setting a password for "Administrator".

In spite of that.... I am sure there are quite a few installs of CF that are at risk due to this configuration, so it is great that you are getting the word out for them to be able to fix this.

0 0
Monday 6th July 2009 10:50 GMT Don Mitchell

This has been happening for a while

This has been going on for many weeks. I know one ISP that was massively hacked via coldfusion about two weeks ago. Everyone's web pages has a one-line js script added that called some kind of Adobe Flash player exploit.

0 0
Monday 6th July 2009 10:58 GMT Bert 2

Adobe response

Official Adobe response is here

http://blogs.adobe.com/psirt/2009/07/potential_coldfusion_security.html

0 0
Monday 6th July 2009 11:59 GMT Anonymous Coward

php too

Its really a FCKEditor Security Issue, not coldfusion. The 'news' is one version of Coldfusion (8.0.1) shipped with the FCKEditor connectors enabled

php

http://secunia.com/advisories/27123/

asp

https://strikecenter.bpointsys.com/articles/permalink?title=exploiting-iis-via-htmlencode-ms08-006&month=02&year=2008&day=13

0 0
Thursday 9th July 2009 11:33 GMT Anonymous Coward

Hotfix

http://www.adobe.com/support/security/bulletins/apsb09-09.html

0 0