RE: Allaire security problem - anyone know solution?

Thu, 03 Aug 2000 13:39:01 -0700 

My collegue and I here tried this on our server too and ran into the same
problem.
So we went into iis and right clicked on our domain name.
Clicked on "properties".
Clicked on the "Home Directory" tab
Clicked on the "Configuration" button.
Selected ".htr" and clicked "Remove"
Restarted IIS for that domain and this solved the problem.


__________________________________
Carlos Vazquez
Web Administrator
www.locateadoc.com
www.mojointeractive.com

> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 03, 2000 12:27 PM
> To: [EMAIL PROTECTED]
> Subject: Allaire security problem - anyone know solution?
>
>
> Hi all,
>
> One of my hosting clients has just made me aware of this major security
> problem and I'm wondering if anyone knows how to eliminate it?
>
> Try calling the application.cfm template on any CF site with
> +.htr appended
> to the end of the url. You'll first see a blank page. Now hit
> refresh/reload
> and you'll see the full code of said application.cfm
>
> e.g. http://www.support.alllaire.com/application.cfm+.htr
>
> Can someone please tell me there is a patch for this. It seems to
> happen on
> all CFserver versions 4.x + running IS4.0 with Service pack 5
>
> Dave
>
> Dave Wilson
> Internet Technology Manager,
> BizNet Solutions
>
> <Allaire Premier Partner>
> Co-Founder CFUG Ireland
> http://www.cfug.ie
>
> 224, Lisburn Road
> Belfast BT9 6GE
>
> Tel: 02890 225 776
> Fax: 02890 223 223
> web: http://www.biznet-solutions.com
>
> email: [EMAIL PROTECTED]
>
> ------------------------------------------------------------------
> ------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to