http://www.tofinha.com.br/blog/index.cfm Blog to publish my works and ColdFusion out for Brazil en-us Thu, 09 Sep 2010 07:01:08 -0300 Fri, 04 Dec 2009 11:32:00 -0300 BlogCFC http://blogs.law.harvard.edu/tech/rss tofinha@gmail.com tofinha@gmail.com tofinha@gmail.com http://www.tofinha.com.br/blog/index.cfm no http://www.tofinha.com.br/blog/index.cfm/2009/12/4/Cumulative-Hot-Fix-4-for-801 <p>A new cumulative hot fix for ColdFusion 8.0.1 has been released. </p> <p> Details and download may be found here: <a href="http://kb2.adobe.com/cps/529/cpsid_52915.html">http://kb2.adobe.com/cps/529/cpsid_52915.html</a></p> ColdFusion 8 TechNote Security ColdFusion Fri, 04 Dec 2009 11:32:00 -0300 http://www.tofinha.com.br/blog/index.cfm/2009/12/4/Cumulative-Hot-Fix-4-for-801 Tofinha http://www.tofinha.com.br/blog/index.cfm/2009/10/24/HackMyCF-ColdFusion-Server-Security-Scanner <p><strong><a href="http://www.petefreitag.com/item/721.cfm" title="ColdFusion Server Security Scanner" target="_blank">Pete Freitag</a></strong> has launched <a href="http://hackmycf.com/" target="_blank"><strong>HackMyCF</strong></a>, a site that can test your ColdFusion servers for security holes, missing hotfixes and patches, and more. Highly recommended!</p> <div align="center"> <a href="http://hackmycf.com/" target="_blank"><img src="http://www.petefreitag.com/images/blog/hackmycf-email.png" alt="hack my cf email report" border="0" title="hack my cf email report"></a></div> <p>&nbsp;</p> Security ColdFusion Sat, 24 Oct 2009 00:16:00 -0300 http://www.tofinha.com.br/blog/index.cfm/2009/10/24/HackMyCF-ColdFusion-Server-Security-Scanner Tofinha http://www.tofinha.com.br/blog/index.cfm/2009/7/9/Adobe-Releases-Hotfix-for-FCKEditor-Security-Issue <p>Adobe has released an official hot fix for the FCK Editor issue you may have heard about lately. You can <strong><a href="http://www.adobe.com/support/security/bulletins/apsb09-09.html" target="_blank">read about and download the hotfix directly from Adobe</a>.</strong></p> <p>&nbsp;</p> ColdFusion 8 Security Thu, 09 Jul 2009 12:04:00 -0300 http://www.tofinha.com.br/blog/index.cfm/2009/7/9/Adobe-Releases-Hotfix-for-FCKEditor-Security-Issue Tofinha http://www.tofinha.com.br/blog/index.cfm/2009/7/4/ColdFusion-8-FCKeditor-Vulnerability <p>There is a critical point in FCKeditor, who was announced some time, when detected in connectors ASP and PHP.</p> <p>PHP - <a href="http://www.acunetix.com/vulnerabilities/GeekLog-v1.4.0-FckEditor-.htm"><strong>GeekLog v1.4.0 FckEditor File Upload Security Vulnerability</strong></a></p> <p>ASP - <a href="https://strikecenter.bpointsys.com/articles/permalink?title=exploiting-iis-via-htmlencode-ms08-006&month=02&year=2008&day=13"><strong>Exploiting IIS via HTMLEncode (MS08-006)</strong></a></p> <p>Now this vulnerability was detected in the version 8.0.1 of ColdFusion, the version 8.0 apparently does not suffer of this failure, but it is worth check.</p> <p>The solutions:<br> 1) Disable filemanager. In <strong>"CFIDE\scripts\ajax\FCKeditor\editor\filemanager\connectors\cfm\config.cfm"</strong></p> <p><strong>Config.Enabled = <span style="color:#F00;">false;</span></strong></p> <p>2) To be completely safe, delete the entire filemanager directory found under "CFIDE\scripts\ajax\FCKeditor\editor". The embedded version of FCKeditor for CF doesn't and really shouldn't use this feature. So removing those files completely is the safest thing to do. Be mindful that updates to CF might re-introduce those files and naturally re-open the problem.</p> <p>More informations in:</p> <a href="http://groups.google.com/group/cfbrasil/browse_thread/thread/1f0957d4df6fb612" target="_blank"><strong>Problem safety serious in CF 8.01 (by Alex Hubner - CFBRAZIL)</strong></a> <p><a href="http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat" target="_blank"><strong>CF8 and FCKEditor Security threat ( by John Mason)</strong></a></p> <p><a href="http://www.petefreitag.com/item/704.cfm" target="_blank"><strong>ColdFusion 8 FCKeditor Vulnerability ( by Pete Freitag)</strong></a></p> <p>&nbsp;</p> <p style="border:dotted 1px #069; background-color:#75b3e2; padding:5px;">Update: read this post by the Adobe Product Security Incident Response Team regarding a security issue caused by the FCKEditor included with ColdFusion 8:<br /> <strong><a href="http://blogs.adobe.com/psirt/2009/07/potential_coldfusion_security.html" style="color:#000;" target="_blank">Adobe Product Security Incident Response Team (PSIRT): Potential ColdFusion security issue</a></strong></p> ColdFusion 8 Security Sat, 04 Jul 2009 13:10:00 -0300 http://www.tofinha.com.br/blog/index.cfm/2009/7/4/ColdFusion-8-FCKeditor-Vulnerability Tofinha