Just a heads up – I do see in my logs that my servers were scanned for this.  Luckily, nothing took hold (our servers have the admin directories locked down), but I’ve heard from some others on campus that they may have had their servers hit. 

 

If you feel like your server has been compromised by this exploit, open up a ticket with the ATS Help Desk (517 432 6200, or 2-6200 on campus).  The IT Services Network Security group has been made aware of the exploit and is able to help.

 

-Nick Kwiatkowski

MSU Telecom Systems

 

From: Troy Murray [mailto:[log in to unmask]]
Sent: Thursday, January 03, 2013 9:49 AM
To: [log in to unmask]
Subject: [MSUNAG] ColdFusion Exploit

 

I know there are a few others that have a ColdFusion server running here on campus and I wanted to make sure you heard about this attempted exploit. On December 25 there are some reports of ColdFusion systems (not on campus that I know of) that were accessed because the CFIDE/administrator AND ALSO the CFIDE/adminapi directories were left open to the public.  It appears that ColdFusion 7 - 10 have these directories included and are vulnerable to this compromise even with the latest hot fixes.

 

More details on how to determine if your system was compromised, including the latest lockdown guides for ColdFusion, can be found at http://forums.adobe.com/message/4962104

 

FYI

 

Troy Murray

Michigan State University

College of Medicine

Life Science

1355 Bogue St, B-136D

East Lansing, MI 48824

E: [log in to unmask]

P: 517-432-2760

F: 517-355-7254

RedHat 5 Certified Technician

RedHat 5 Certified Systems Administrator

HL7 V2.6/2.5 Certified Control Specialist
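
As an added example (not part of either message above, and not Adobe's or MSU's own tooling), this is one way to go through a web access log for requests to the two directories named in the thread, separating scans that were refused from requests the server actually answered. It assumes combined log format and a hypothetical 10.0.0.0/8 management network as the only trusted source; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# The two directories named in the message above; matched case-insensitively
# after URL-decoding so spelling variants of the same path are not missed.
ADMIN_PATH = re.compile(r"^/+CFIDE/+(administrator|adminapi)(/|$)", re.IGNORECASE)
# Combined-log-format prefix: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: the admin directories should only be reached from this network.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(ip, nets):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in nets)

def classify(lines, trusted=TRUSTED_NETS):
    """Map each untrusted client to its admin-directory requests, split into
    'blocked' (4xx/5xx: lockdown held) and 'exposed' (2xx/3xx: it answered)."""
    findings = defaultdict(lambda: {"blocked": [], "exposed": []})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = unquote(m["target"].split("?", 1)[0])
        if not ADMIN_PATH.match(path) or is_trusted(m["ip"], trusted):
            continue
        bucket = "exposed" if m["status"][0] in "23" else "blocked"
        findings[m["ip"]][bucket].append((m["ts"], m["method"], path, m["status"]))
    return dict(findings)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [03/Jan/2013:02:11:09 -0500] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 403 312 "-" "-"',
    '198.51.100.7 - - [03/Jan/2013:02:11:10 -0500] "GET /cfide/adminapi/ HTTP/1.1" 403 312 "-" "-"',
    '203.0.113.45 - - [03/Jan/2013:04:40:51 -0500] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120 "-" "-"',
    '10.1.2.3 - - [03/Jan/2013:08:02:33 -0500] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.45 - - [03/Jan/2013:04:41:02 -0500] "GET /index.cfm HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in sorted(classify(SAMPLE).items()):
        verdict = "EXPOSED: investigate" if hits["exposed"] else "scan blocked"
        print(f"{ip}: {verdict} ({len(hits['exposed'])} answered, {len(hits['blocked'])} refused)")
```

Any client listed under "exposed" reached an admin directory that answered from outside the trusted range, which is the condition the thread describes as leading to compromise; entries that are only "blocked" match the scanning Nick reports seeing against locked-down servers.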