
Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.

August 10, 2010

ColdFusion Security Hotfix Released

An important ColdFusion security hotfix has been released for ColdFusion 8.x and 9.x. This hotfix addresses a vulnerability in the ColdFusion Administrator, so it should be applied to every affected server as soon as possible. Hotfix or not, the Administrator should never be reachable from untrusted networks; restrict access to it at the web server or firewall to the hosts that actually need it.

Comments
I hate to ask, but ...

Since CF7 is no longer covered under core support, any idea on whether 7.x is impacted by this?

If the CF administrator is locked down via Windows Authentication, any idea on whether that is effective?

Thanks!
# Posted By James Skemp | 8/12/10 10:12 AM
(Sorry, I realized none of the Adobe content mentions the vulnerability specifically, so the question re: locking down the administrative access might not make sense.

See http://secunia.com/advisories/40909 where it states "Certain unspecified input passed to the ColdFusion Administrator page is not properly sanitised before being used. This can be exploited to disclose certain data via directory traversal attacks.")
# Posted By James Skemp | 8/12/10 10:43 AM
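The advisory quoted in the comment above describes directory traversal through input to the ColdFusion Administrator. The script below is an added example for this post, not code from Adobe or from Ben Forta: it scans web-server access logs for traversal sequences aimed at the Administrator, so you can tell whether anyone probed a server before the hotfix went on. It assumes the Administrator is at its default /CFIDE/administrator/ path and that the log is in Common Log Format; the log lines embedded in it are constructed for the demonstration and use RFC 5737 test addresses, and the parameter name `x` in them is a placeholder, not the parameter the advisory leaves unspecified.

```python
"""Scan access logs for directory-traversal attempts against the ColdFusion
Administrator.  Added example; assumes the default /CFIDE/administrator/
path and Common Log Format lines."""
import re
from urllib.parse import unquote

# Assumed default Administrator path; compared case-insensitively because
# IIS and Windows file systems are case-insensitive.
ADMIN_PREFIX = "/cfide/administrator/"

# Constructed sample log lines (not real traffic); the parameter name "x"
# is a placeholder for whatever input the advisory refers to.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2010:10:12:01 -0400] "GET /CFIDE/administrator/enter.cfm HTTP/1.1" 200 4312
203.0.113.5 - - [12/Aug/2010:10:12:07 -0400] "GET /CFIDE/administrator/enter.cfm?x=../../../../etc/passwd HTTP/1.1" 200 1234
198.51.100.9 - - [12/Aug/2010:10:13:44 -0400] "GET /CFIDE/administrator/index.cfm?x=..%2F..%2F..%2Fwindows%2Fwin.ini HTTP/1.1" 200 222
198.51.100.9 - - [12/Aug/2010:10:14:02 -0400] "GET /CFIDE/administrator/index.cfm?x=%252e%252e%252f%252e%252e%252fboot.ini HTTP/1.1" 200 222
192.0.2.44 - - [12/Aug/2010:10:15:10 -0400] "GET /index.cfm?page=../../../etc/passwd HTTP/1.1" 404 512
192.0.2.44 - - [12/Aug/2010:10:15:30 -0400] "POST /CFIDE/administrator/enter.cfm HTTP/1.1" 302 0
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)
# ".." followed by a forward or back slash, anywhere in the decoded target.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def decode_fully(s, max_rounds=3):
    """Percent-decode until the string stops changing, so a double-encoded
    sequence such as %252e%252e%252f is seen as ../ like a plain one."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def has_traversal(target):
    """True if the request target contains ../ or ..\\ after decoding."""
    return TRAVERSAL_RE.search(decode_fully(target)) is not None


def parse_line(line):
    """Split one CLF line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text, admin_only=True):
    """Return one finding per request carrying a traversal sequence.  With
    admin_only (the default) only requests under the Administrator path count;
    set it False to see traversal attempts against the rest of the site too."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        decoded = decode_fully(rec["target"])
        if admin_only and not decoded.lower().startswith(ADMIN_PREFIX):
            continue
        if TRAVERSAL_RE.search(decoded):
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                             "target": rec["target"], "decoded": decoded})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']} {f['ts']} {f['status']} {f['decoded']}")
```

Decoding is repeated until the target stops changing because attackers routinely double-encode `..%2F` to slip past filters that decode once; the path prefix is compared case-insensitively for the same reason. A hit with a 200 status on an unpatched server is worth treating as a possible disclosure, and a hit against a patched server still tells you who is probing, which is one more argument for keeping the Administrator path off the open internet.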
In the CF8 installed at my company, there are l10n files in several folders with different file-dates. Why are they not the same? Should all of them be replaced with this HOTFIX?
# Posted By cfpat | 8/17/10 1:58 PM

  © Copyright 1997-2009 Ben Forta, All Rights Reserved