Imperva: The rise and rise of ColdFusion-driven breaches

In a new blog post from Barry Shteiman, director of security strategy at Imperva, a security breach which targeted several high end car/limousine service companies is discussed. As a result of the breach sensitive customer information was stolen and the vulnerable component in the sites has been identified as the ColdFusion web application platform.

Why this matters?

ColdFusion induced breaches are definitely on the rise, which teaches us that hackers and security researchers are looking into this platform more and more as a green field for hacking endeavours.

As more companies are becoming security aware, we would like to believe that the trivial security gaps become  harder to find and easier to deal with. However this breeds an uprising technique within the hacking community, which is – finding an auxiliary functionality that is supposed to be used indirectly only by an administrator of the specific system, but in fact can be used by a hacker.

If we look into one of the more interesting ColdFusion vulnerabilities (can be found here) that is exactly the case. It is a vulnerability that uses administrative function that isn’t properly hardened within the platform.

What can companies do?

1) Patch. Although difficult in production, patching to latest versions and latest security patches usually will help fix the problem sooner rather than later

2) Educate yourself. Knowing the platforms that you have, the platforms that are used by third party companies/solutions that you work with – is key in understanding your security posture

3) Install a Web Application Firewall. As we believe that these types of attacks are up and coming, we invest lots of our security research efforts into identifying them and blocking them before they hit the servers