March 14, 2014
Question

Fixing Security Vulnerabilities in CF8


I was looking at CF8 server vulnerabilities, such as this one http://www.youtube.com/watch?v=CzXLLZ8ohZU where a user can easily get into the CF admin, add a shell and then basically do whatever the heck they want on our server.

Can anybody tell me how to make sure that this particular vulnerability has been taken care of? Is it part of a particular service pack? When I say service pack I mean cumulative hot fix, like CHF 4 http://helpx.adobe.com/coldfusion/kb/cumulative-hot-fix-4-coldfusion.html

CHF is just another term for a service pack I guess, and CHF 4 appears to be the last cumulative fix up.

My only concern is that if we had been compromised that even a hotfix would not remove any shells, although I could not find any, I am not a hacker, and those guys are very good at hiding things.

Ahh..after posting this I then saw the link to security

http://helpx.adobe.com/coldfusion/kb/cumulative-hot-fix-4-coldfusion.html#main_Security

It looks like quite a bit of work, no wonder so many people jumped ship from CF

Appreciate any guidance on this

Thanks

Mark
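An added example, not part of the original thread: a read-only sweep for the concern raised above, that a hotfix will not remove a shell planted before patching. It lists CFML files that are newer than a known-good date or contain tags that run OS commands or write files. The function name `sweep`, the indicator list and the baseline date are assumptions chosen for illustration.

```python
import re
import sys
import time
from pathlib import Path

# CFML constructs that run OS commands or write files (illustrative list,
# an assumption of this example). Legitimate code uses them too, so every
# hit is a lead for manual review, not a verdict.
INDICATORS = {
    "cfexecute": re.compile(rb"<cfexecute\b", re.I),
    "cffile-write": re.compile(
        rb"<cffile\b[^>]*\baction\s*=\s*[\"']?(?:upload|write)", re.I),
    "java-runtime": re.compile(rb"java\.lang\.(?:Runtime|ProcessBuilder)", re.I),
}
CFML_SUFFIXES = {".cfm", ".cfml", ".cfc"}


def sweep(webroot, baseline_epoch):
    """Return (relative path, newer_than_baseline, [indicator names]) for each
    CFML file that is newer than the baseline or matches an indicator.

    File times can be reset by an intruder, so an old timestamp clears
    nothing; that is why content is checked on every file regardless of age.
    """
    root = Path(webroot)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in CFML_SUFFIXES:
            continue
        data = path.read_bytes()
        hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
        newer = path.stat().st_mtime > baseline_epoch
        if hits or newer:
            findings.append((path.relative_to(root).as_posix(), newer, hits))
    return findings


if __name__ == "__main__":
    # usage: python sweep.py <webroot> <YYYY-MM-DD of last known-good deploy>
    baseline = time.mktime(time.strptime(sys.argv[2], "%Y-%m-%d"))
    for rel, newer, hits in sweep(sys.argv[1], baseline):
        print(f"{rel}\tnewer={newer}\t{','.join(hits) or '-'}")
```

Comparing the webroot against a clean copy from source control or a backup is the stronger check; this sweep only narrows down where to look first.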


pete_freitag
March 14, 2014

Hi Mark, the CHF does contain security fixes, but not all of them. You need to check out http://helpx.adobe.com/security/products/coldfusion.html for a list of all the security patches and make sure you have applied them all.

If you keep your server updated it isn't too hard to manage. CF10 has improved this process a great deal with the hotfix installer. CF8 is no longer supported by Adobe, so if you are still on CF8 you might want to upgrade to CF9 or CF10 so you have all the latest security hotfixes.

Finally, my company makes a product called HackMyCF that helps you see what patches you have applied and which ones you need to apply.

ACS LLC (Author)
March 14, 2014

Funny enough, I did try HackMyCF earlier today; things didn't look TOO bad

I just did the CHF 4, and 1 security fix out of the 3

I guess that these are all I need to do?

http://helpx.adobe.com/coldfusion/kb/cumulative-hot-fix-4-coldfusion.html#main_Security

I'll take a look at your link when I've done the other two

Applying patches and security fixes is like performing surgery! Every time I wonder.. is the CF going to start back up!

Not the easiest patch up I've had to do .. in fact, the worst!

Carl Von Stetten
March 14, 2014

Upgrading to CF10 will eliminate most of the headaches with patches and security fixes. A couple of clicks inside CF Administrator installs most updates.

-Carl V.