RE: Allaire security problem - anyone know solution?

Thu, 03 Aug 2000 12:54:37 -0700 



-----Original Message-----
From: Kevin Queen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 03, 2000 1:22 PM
To: Dave Wilson [[EMAIL PROTECTED]]
Subject: RE: Allaire security problem - anyone know solution?


Dave,

I have seen this same error in ASP with ::$DATA, the way to fix that one is
to associate the extension .asp::$DATA with the asp.dll, so it would follow
that if you associate the .cfm+.htr extension w/ the cfml parser.  I am not
to sure how what the CF parser .exe and/or .dll is however. (The error is on
<HUGE SECURITY HOLE>ANY<?HUGE SECURITY HOLE> CFM page)

-Kevin

P.S. - I have been getting errors posting to the list lately, if you would
please post this to the list when you receive.


-----Original Message-----
From: Dave Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 03, 2000 12:27 PM
To: [EMAIL PROTECTED]
Subject: Allaire security problem - anyone know solution?


Hi all,

One of my hosting clients has just made me aware of this major security
problem and I'm wondering if anyone knows how to eliminate it?

Try calling the application.cfm template on any CF site with +.htr appended
to the end of the url. You'll first see a blank page. Now hit refresh/reload
and you'll see the full code of said application.cfm

e.g. http://www.support.alllaire.com/application.cfm+.htr

Can someone please tell me there is a patch for this. It seems to happen on
all CFserver versions 4.x + running IS4.0 with Service pack 5

Dave

Dave Wilson
Internet Technology Manager,
BizNet Solutions

<Allaire Premier Partner>
Co-Founder CFUG Ireland
http://www.cfug.ie

224, Lisburn Road
Belfast BT9 6GE

Tel: 02890 225 776
Fax: 02890 223 223
web: http://www.biznet-solutions.com

email: [EMAIL PROTECTED]

----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to