Paul Alkema

Discussions on Web Development and Security

ColdFusion 9 Vulnerabilities, Are You Safe?

August 11, 2010 · 29 Comments

I recently attended CFUNITED and loved it! It was great! Anyway, one of my favorite sessions at CFUNITED was a session by Pete Freitag entitled "Writing Secure CFML". In the session he asked "who here has ever had their server hacked?" and to my amazement about half of the room put their hands up. This tells me that people aren't reading security bulletins (wait, everyone reads those, right?) and patching their servers accordingly. In the last few months I've seen two pop up that I just wanted to bring attention to.

  1. Unauthenticated File Retrieval Vulnerability

    Problem

    Allows unauthenticated remote users to read files on the server through the ColdFusion Administrator. This could be used to obtain database credentials and other configuration data, or as a stepping stone to finding further vulnerabilities in the applications hosted on the server.

    Solution

    Adobe has released a patch for this issue.
    http://www.adobe.com/support/security/bulletins/apsb10-18.html


    If you're one of those people who don't like patching, an alternative mitigation is to move the ColdFusion Administrator from its default location or to restrict access to the ColdFusion Administrator to a list of specified IP addresses.

    Severity: High
    CVE: CVE-2010-2861

  2. Solr Service Information Disclosure Vulnerability

    Problem

    ColdFusion allows users to remotely connect to search collections that have been created by the Solr service. The flaw is that, by default, any user can connect to this service from any IP address without any kind of authentication, which could be used to gather information about the server or its internal processes.
    http://www.securityfocus.com/bid/38007/discuss

    Solution

    The best solution at this time is to restrict the service so that it only accepts connections from the server's own local IP address. Adobe has published an article outlining exactly how this can be done.
    http://kb2.adobe.com/cps/807/cpsid_80719.html

    Severity: Medium
    CVE: CVE-2010-0185
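
As an added example (not part of the original post, and not Adobe's or Foundeo's code), the following Python script audits a server for both issues above from the defender's side: it flags ColdFusion Administrator requests coming from clients outside an allowlist of admin networks, which is how you would confirm the IP restriction from item 1 is actually holding, and it checks whether the Solr service is listening on a non-loopback address, which is the condition item 2's fix is meant to remove. The /CFIDE/administrator/ path, Solr listening on TCP port 8983, the Apache/IIS "combined" log format, and the sample log and netstat lines are all assumptions constructed for the example.

```python
"""Audit checks for the two ColdFusion 9 issues discussed above.

Assumptions (not taken from the original post):
  - the ColdFusion Administrator is served under /CFIDE/administrator/
  - the bundled Solr service listens on TCP port 8983
  - web server logs are in Apache/IIS-style "combined" format
  - listening sockets are read from `netstat -tln` style output
"""
import re
from ipaddress import ip_address, ip_network

ADMIN_PATH_RE = re.compile(r"^/CFIDE/administrator/", re.IGNORECASE)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
SOLR_PORT = 8983  # assumed default port for the CF9 Solr service

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Aug/2010:10:15:02 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.42 - - [11/Aug/2010:10:16:40 -0400] "GET /CFIDE/administrator/settings.cfm?page=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.42 - - [11/Aug/2010:10:16:41 -0400] "GET /index.cfm HTTP/1.1" 200 8801 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

# Constructed sample `netstat -tln` output: Solr bound to every interface.
SAMPLE_NETSTAT_OPEN = [
    "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
    "tcp        0      0 0.0.0.0:8983            0.0.0.0:*               LISTEN",
    "tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN",
]

# Same service after restricting it to the loopback address.
SAMPLE_NETSTAT_FIXED = [
    "tcp        0      0 127.0.0.1:8983          0.0.0.0:*               LISTEN",
]


def admin_hits_from_untrusted(log_lines, trusted_networks):
    """Return (client_ip, path, status) for every ColdFusion Administrator
    request whose client address is outside the trusted networks."""
    nets = [ip_network(n) for n in trusted_networks]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not ADMIN_PATH_RE.match(path):
            continue
        ip = ip_address(m.group("ip"))
        if not any(ip in n for n in nets):
            hits.append((str(ip), path, int(m.group("status"))))
    return hits


def solr_listeners(netstat_lines, port=SOLR_PORT):
    """Return the local addresses on which `port` is in LISTEN state."""
    bound = []
    for line in netstat_lines:
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")  # handles IPv6 ":::8983" too
        if lport == str(port):
            bound.append(host)
    return bound


def solr_exposed(netstat_lines, port=SOLR_PORT):
    """True if the Solr port is bound to anything other than a loopback
    address (wildcard "*", 0.0.0.0 and :: all count as exposed)."""
    for host in solr_listeners(netstat_lines, port):
        if host in ("*", ""):
            return True
        if not ip_address(host).is_loopback:
            return True
    return False


if __name__ == "__main__":
    trusted = ["10.0.0.0/8", "127.0.0.1/32"]
    for ip, path, status in admin_hits_from_untrusted(SAMPLE_LOG, trusted):
        print(f"ADMIN ACCESS from untrusted client {ip}: {path} ({status})")
    print("Solr exposed (before fix):", solr_exposed(SAMPLE_NETSTAT_OPEN))
    print("Solr exposed (after fix): ", solr_exposed(SAMPLE_NETSTAT_FIXED))
```

Run it against your real access log and the live output of `netstat -tln` (replacing the constructed samples); an empty list of untrusted admin hits and `False` for the Solr check are what you want to see after applying the fixes above.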

I would also highly recommend checking your server for vulnerabilities using http://hackmycf.com/. It's a very easy-to-use website that will tell you which patches your server needs.

Tags: ColdFusion · Security