Macromedia has posted Security Bulletin MPSB05-02 – Workaround available for ColdFusion MX 6.1 Updater file disclosure. This issue only effects J2EE Configuration – ColdFusion MX 6.1 for JRun4 (Updater 1) (CFMX7 on JRun4 is not effected).
Macromedia has posted Security Bulletin MPSB05-02 – Workaround available for ColdFusion MX 6.1 Updater file disclosure. This issue only effects J2EE Configuration – ColdFusion MX 6.1 for JRun4 (Updater 1) (CFMX7 on JRun4 is not effected).
I have a question and maybe someone here can answer it.
I read the security bullentin and I have seen this happen with the websites that I have. I have noticed though that if you go into the CF Administrator and tell it not to save the class files, that the directory /WEB-INF/cfclasses is still created, but it doesn’t have anything in it.
Now my qyestion is, how exactly would someone be able to download the .class file? Don’t you have to know the exact name of a file in order to bring it up in a webbrowser or am I missing something here?
Leave a Reply