Misleading article titles
Damnit, where's my free energy?!
Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations. Security watchers at the SANS Institute's Internet Storm Centre are warning that a "high number" of sites have been hit over the last 36 hours or so. Miscreants are exploiting sites running older installations of …
It strikes me that, whether there are known vulnerabilities or not, if you are running an ecommerce site, you should assume that there are, and that people are going to try and exploit them!
The most simple and straightforward solution would be to deploy an application firewall into your infrastructure. With the tick of a checkbox you could then turn on generic protection against this type of problem.
Simples!
The link you provided for the ColdFusion vuln is not an official Adobe link. You seem to imply that it is. You might have done better to at least mention the site is not the official site for CF. The title is also bunk. Hackers have not done anything. This is an example of using a default config, without hardening the system. No different than saying "hackers crack Windows 2008" and then stating that the admins are not setting a password for "Administrator".
In spite of that.... I am sure there are quite a few installs of CF that are at risk due to this configuration, so it is great that you are getting the word out for them to be able to fix this.
It's really an FCKEditor security issue, not ColdFusion. The 'news' is one version of ColdFusion (8.0.1) shipped with the FCKEditor connectors enabled.
php
http://secunia.com/advisories/27123/
asp
https://strikecenter.bpointsys.com/articles/permalink?title=exploiting-iis-via-htmlencode-ms08-006&month=02&year=2008&day=13