Same here, Frank. I've never heard of there ever being a gettingstarted directory in CFIDE, ever. I've checked multiple machines just now, and find none.
I do recall there being one some number of releases ago, but never in the CFIDE that I recall. Perhaps in CFDOCS. I don't recall if it was added as part of the install or was an option you could download.

Indeed, I was just about to report this on the Adobe blog about this technote, and I see that someone else has pointed it out as a comment. Let's hope they correct the bulletin soon, as it's clearly currently incorrect and confusing (and they may have meant really the CFIDE/componentutils, which has itself been used by some other attacks.)

That said, if there is indeed some vulnerability in code in a gettingstarted directory somewhere, and it's determined that this was indeed from CF8, then folks who are on 9 or 10 should not rest too carefully, because if they'd had that older release, the directory could still be around in some website docroot, so whatever they ultimately report, it's worth watching out for it (and possibly blocking it, if not removing it entirely, if you never use it anyway.)

/charlie

From: [email protected] [mailto:[email protected]] On Behalf Of Frank Moorman
Sent: Thursday, May 09, 2013 3:54 AM
To: [email protected]
Subject: [ACFUG Discuss] FYI - Security Advisory for ColdFusion - Active zero day exploit

All,

In case you have not heard... Adobe mentioned this last night...

https://www.adobe.com/support/security/advisories/apsa13-03.html

Essentially, they believe the exploit is already out there and is actively infecting systems. However, it can be prevented through access controls on the CFIDE admin directories.

AFFECTED SOFTWARE VERSIONS

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

MITIGATIONS

Adobe recommends ColdFusion customers take the following steps to mitigate this vulnerability:

- Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf> and ColdFusion 10 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf>.
- Refer to the ColdFusion 9 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf> and ColdFusion 10 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf> for security best practices and further information on these hardening techniques.

This is the first I have heard of the CFIDE/gettingstarted directory, so I am assuming that is only on CF10.

Another directory that should be protected but is not mentioned on this exploit (but has been mentioned on others) is the CFIDE/componentutils directory.

If needed/desired, I can share some simple .htaccess samples for people that need to protect CF on an Apache server...
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
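
Added example (not part of the thread and not Adobe's code): a Python sketch that inventories the directories discussed above across one or more docroots, including a gettingstarted directory left outside CFIDE by an older release. The function names and the sample tree are constructed for illustration; the script only lists directories to review and does not check whether web access to them is already restricted.

```python
import os
import tempfile

# Directories named in the advisory and in the thread (componentutils is the
# poster's addition). Matched case-insensitively because Windows and macOS
# docroots are case-insensitive.
CFIDE_SENSITIVE = {"administrator", "adminapi", "gettingstarted", "componentutils"}


def find_exposed_dirs(docroots):
    """Return sorted (docroot, relative_path, reason) tuples for directories to review."""
    findings = []
    for root in docroots:
        for current, dirnames, _files in os.walk(root):
            parent = os.path.basename(current).lower()
            for name in dirnames:
                rel = os.path.relpath(os.path.join(current, name), root)
                lowered = name.lower()
                if parent == "cfide" and lowered in CFIDE_SENSITIVE:
                    findings.append((root, rel, "CFIDE directory to restrict"))
                elif lowered == "gettingstarted":
                    # Possibly left behind by an older release, outside CFIDE.
                    findings.append((root, rel, "gettingstarted outside CFIDE"))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed sample layout (demonstration data only)."""
    for rel in ("site1/CFIDE/administrator", "site1/CFIDE/adminapi",
                "site1/CFIDE/scripts", "site2/cfide/ComponentUtils",
                "site2/CFDOCS/gettingstarted", "site3/images"):
        os.makedirs(os.path.join(base, rel))
    return [os.path.join(base, s) for s in ("site1", "site2", "site3")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for root, rel, reason in find_exposed_dirs(build_sample_tree(tmp)):
            print(f"{os.path.basename(root)}: {rel} ({reason})")
```

To audit a real server, pass the actual docroot paths to `find_exposed_dirs` instead of the sample tree.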
