Curious if someone can enlighten me where in CFIDE...
# adobem
Manville
09/06/2023, 8:47 PMCurious if someone can enlighten me where in CFIDE I can "disable the NeoTranslator compiler" ? Is this the settings > caching "*Save class files"* option? Appreciate any insight. CF2016 related 😞
b
bdw429s
09/06/2023, 8:48 PMI have no idea what you're trying to do.
bdw429s
09/06/2023, 8:49 PMWhere did you read about such a setting?
m
Manville
09/06/2023, 8:51 PMTrying to lock down and protect myself from CVE-2023-26360, already working on a tomcat servlet filter to block request before hitting CF but going a step further to avoid class creation
thanks for quick reply @bdw429s 🤘
Manville
09/06/2023, 8:52 PMIf you cannot install the latest updates, you can disable the NeoTranslator compiler. Disabling the NeoTranslator compiler will prevent ColdFusion from translating pages into Java classes.
b
bdw429s
09/06/2023, 8:52 PMLink?
m
Manville
09/06/2023, 8:52 PMManville
09/06/2023, 8:53 PMappreciate your time
b
bdw429s
09/06/2023, 8:54 PMHmm, to be honest I've never heard of such a setting before. Is there a chance that article was written by ChatGPT and it was just making stuff up? 🤷
☝🏻 1
bdw429s
09/06/2023, 8:55 PMGoogling for that phrase doesn't really have any hits outside of that one article
r
Rodney
09/06/2023, 8:56 PMOur corporate security has blocked that site. lol.
😱 1
b
bdw429s
09/06/2023, 8:57 PMYeah, there's literally no info on such a thing
bdw429s
09/06/2023, 8:57 PMI'm pretty certain "Piyush Chhiroliya" has been hitting the ChatGPT a bit too hard to fluff out his articles
m
Manville
09/06/2023, 8:58 PMyeah, I also came up dry which lead me to post here.
thanks guys, rough times
b
bdw429s
09/06/2023, 9:00 PMArticle looks like it's mostly clickbait content to push their security services. The guy doesn't even have a Twitter account (that I can verify is him)
bdw429s
09/06/2023, 9:01 PMWe also shouldn't have to tell you that core support for CF 2016 ended on Feb 16, 2021 🙂
m
Manville
09/06/2023, 9:02 PMoh yeah, believe me I am fully aware. the license shift was a cost killer for our infrastructure
Manville
09/06/2023, 9:03 PMCurrently migrating to Lucee, this is a stop gap until then
Manville
09/06/2023, 9:03 PMThanks for you insight! man oh man
b
bdw429s
09/06/2023, 9:05 PMCharlie had some advice on one of his blogs showing a URL sequence you could just block in your web server
bdw429s
09/06/2023, 9:05 PMRelated to _cfclient=true or something like that
👍 1
m
Manville
09/06/2023, 9:07 PMI consumed that a few months back and put a rewrite in place on apache, yet any decode bypasses it so moved to a servlet filter to capture anything that gets passed the apache tier.
👍 1
d
Dave Merrill
09/06/2023, 9:14 PMWell that's just depressing all around 😕
b
Brian Reilly
09/07/2023, 12:49 AM@Manville if you're running CF2016, I'd strongly recommend blocking all remote access to .cfc files, if you can. (Or getting to a point where you can do that, if you can't today.) You'll want protection against CVE-2023-29300 / CVE-2023-38203 / CVE-2023-38204 which are as critical as CVE-2023-26360
Brian Reilly
09/07/2023, 1:24 AMAnd that PingSafe article reads like it's pretty heavily based off of the the original Rapid7 writeup of CVE-2023-26360 (https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-analysis) +1 to others' comments about no setting to do that, as far as I know. You might be able to do something crazy like manually precompile all of your CFML code, and then remove the classes that support the NeoTranslator compiler -- but 1) that doesn't seem like a good idea and 2) I don't even know if that would work