
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
2021-09-17 17:16

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.

Gov domain hosting the offending files and displaying a specific Laserfiche error message.

According to Laserfiche's disclosure, the Laserfiche forms portal file upload vulnerability is actively being exploited, enabling unauthenticated third parties to use Laserfiche Forms to "Temporarily host uploaded files for distribution."

Laserfiche recommended installing the updates on externally accessible Laserfiche Forms servers, but mitigations are available for users who can't do so immediately.

"The Laserfiche Forms 10.x security updates modify the default behavior of public forms to no longer provide a download link," Laserfiche said in its update.

Edwards told Vice that installing the patch should be done post-haste: "There are a significant number of cities, states and federal agencies, including military agencies, which use Laserfiche and should immediately install the patch and determine whether the other remediation steps are required," the researcher said.


News URL

https://threatpost.com/porn-viagra-spams-govt-military-sites/174794/