Is the web server software set up to handle 404 errors? I took a quick peek
on a few sites, and it appears that when a 404 is handled gracefully, the
hole does not exist.
------------------------------------------
Dan O'Keefe
TriPoint Technologies
[EMAIL PROTECTED]
954.501.3113
-> -----Original Message-----
-> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
-> Sent: Thursday, August 03, 2000 11:27 AM
-> To: [EMAIL PROTECTED]
-> Subject: Allaire security problem - anyone know solution?
->
->
-> Hi all,
->
-> One of my hosting clients has just made me aware of this major security
-> problem and I'm wondering if anyone knows how to eliminate it?
->
-> Try calling the application.cfm template on any CF site with
-> +.htr appended
-> to the end of the url. You'll first see a blank page. Now hit
-> refresh/reload
-> and you'll see the full code of said application.cfm
->
-> e.g. http://www.support.alllaire.com/application.cfm+.htr
->
-> Can someone please tell me there is a patch for this. It seems
-> to happen on
-> all CFserver versions 4.x + running IS4.0 with Service pack 5
->
-> Dave
->
-> Dave Wilson
-> Internet Technology Manager,
-> BizNet Solutions
->
-> <Allaire Premier Partner>
-> Co-Founder CFUG Ireland
-> http://www.cfug.ie
->
-> 224, Lisburn Road
-> Belfast BT9 6GE
->
-> Tel: 02890 225 776
-> Fax: 02890 223 223
-> web: http://www.biznet-solutions.com
->
-> email: [EMAIL PROTECTED]
->
-> -----------------------------------------------------------------
-> -------------
-> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
-> To Unsubscribe visit
-> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/c
f_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
