LISTSERV 16.0 - MSUNAG Archives

I know there are a few others that have a ColdFusion server running here on campus and I wanted to make sure you heard about this attempted exploit. On December 25 there are some reports of ColdFusion systems (not on campus that I know of) that were accessed because the CFIDE/administrator AND ALSO the CFIDE/adminapi directories being left open to the public. It appears that ColdFusion 7 - 10 have these directories included and are vulnerable to this compromise even with the latest hot fixes.

More details on how to determine if your system was compromised, including the latest lockdown guides for ColdFusion, can be found at http://forums.adobe.com/message/4962104

FYI

Troy Murray

Michigan State University

College of Medicine

Life Science

1355 Bogue St, B-136D

East Lansing, MI 48824

E: [log in to unmask]

P: 517-432-2760

F: 517-355-7254

RedHat 5 Certified Technician

RedHat 5 Certified Systems Administrator

HL7 V2.6/2.5 Certified Control Specialist