Allaire security problem - anyone know solution?

The easiest solution is to remove the IIS mapping to .HTR from the system, which will result in a simple 404 error when called as shown below.

DC

  ----- Original Message -----
  From: Dave Wilson
  To: [EMAIL PROTECTED]
  Sent: Thursday, August 03, 2000 16:26
  Subject: Allaire security problem - anyone know solution?


  Hi all,

  One of my hosting clients has just made me aware of this major security
  problem and I'm wondering if anyone knows how to eliminate it?

  Try calling the application.cfm template on any CF site with +.htr appended
  to the end of the url. You'll first see a blank page. Now hit refresh/reload
  and you'll see the full code of said application.cfm

  e.g. http://www.support.alllaire.com/application.cfm+.htr

  Can someone please tell me there is a patch for this. It seems to happen on
  all CFserver versions 4.x + running IS4.0 with Service pack 5

  Dave

  Dave Wilson
  Internet Technology Manager,
  BizNet Solutions

  <Allaire Premier Partner>
  Co-Founder CFUG Ireland
  http://www.cfug.ie

  224, Lisburn Road
  Belfast BT9 6GE

  Tel: 02890 225 776
  Fax: 02890 223 223
  web: http://www.biznet-solutions.com

  email: [EMAIL PROTECTED]

  ------------------------------------------------------------------------------
  Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
  To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
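
Added example, not part of either message above: a log check for the request pattern described in the thread, which also shows whether removing the .HTR mapping took effect (404 instead of 200). The W3C field layout, the sample log lines, the percent-encoded "+" variant and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample log; the field layout is an assumption, adjust to the server's #Fields line.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-08-03 15:20:01 192.0.2.10 GET /index.cfm 200
2000-08-03 15:21:44 192.0.2.55 GET /application.cfm+.htr 200
2000-08-03 15:21:50 192.0.2.55 GET /application.cfm+.htr 200
2000-08-04 09:02:13 192.0.2.77 GET /application.cfm%2B.htr 404
2000-08-04 09:05:30 192.0.2.10 GET /admin/reset.htr 200
"""

# A real file name followed by "+.htr": the suffix pattern described in the thread.
SUFFIX = re.compile(r"^(?P<target>/.+\.[A-Za-z0-9]+)\+\.htr$", re.IGNORECASE)


def find_htr_suffix_requests(log_text):
    """Return one record per request whose path is <file>+.htr."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # other directives, blank lines, malformed rows
        row = dict(zip(fields, parts))
        # unquote() turns %2B into "+" and leaves a literal "+" untouched.
        match = SUFFIX.match(unquote(row.get("cs-uri-stem", "")))
        if match:
            hits.append({
                "when": row.get("date", "") + " " + row.get("time", ""),
                "client": row.get("c-ip", ""),
                "target": match.group("target"),
                # 200: the .htr mapping still answered; 404: mapping removed.
                "served": row.get("sc-status") == "200",
            })
    return hits


if __name__ == "__main__":
    for hit in find_htr_suffix_requests(SAMPLE_LOG):
        print(hit)
```

Any record with "served" set to True predates the mapping removal or indicates a server where the mapping is still present; the templates named in "target" should be reviewed for embedded credentials.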

