Hello Weekenders, I'm sure most of you got the MM Security bulletin the other day (http://www.macromedia.com/security). I am trying to figure out what the security breach is if the steps outlines in the Security Bulletin are not taken. It doesn't describe what level of access an attacker could gain through this exploit. And since we use the SES Url's (mysite.com/index.cfm/myvar/myvarvalue/), I can not easily implement this security fix because checking the "check that file exists" box in IIS causes 404's since, the file name is buried in the query string.
So If any one can fill me in on the severity of this exploit and then I can appropriately decide if I need to make some serious changes to multiple sites or find an alternative. Thanks Brook Davies maracasmedia ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4