RE: Allaire security problem - anyone know solution?

Thu, 03 Aug 2000 18:54:23 -0700 

I found it in all of my sites... It's blank but in the source...

www.lvtb.com/application.cfm+.htr


At 01:40 PM 8/3/2000 -0500, you wrote:
>Is the web server software set up to handle 404 errors? I took a quick peek
>on a few sites, and it appears that when a 404 is handled gracefully, the
>hole does not exist.
>
>------------------------------------------
>Dan O'Keefe
>TriPoint Technologies
>[EMAIL PROTECTED]
>954.501.3113
>
>-> -----Original Message-----
>-> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
>-> Sent: Thursday, August 03, 2000 11:27 AM
>-> To: [EMAIL PROTECTED]
>-> Subject: Allaire security problem - anyone know solution?
>->
>->
>-> Hi all,
>->
>-> One of my hosting clients has just made me aware of this major security
>-> problem and I'm wondering if anyone knows how to eliminate it?
>->
>-> Try calling the application.cfm template on any CF site with
>-> +.htr appended
>-> to the end of the url. You'll first see a blank page. Now hit
>-> refresh/reload
>-> and you'll see the full code of said application.cfm
>->
>-> e.g. http://www.support.alllaire.com/application.cfm+.htr
>->
>-> Can someone please tell me there is a patch for this. It seems
>-> to happen on
>-> all CFserver versions 4.x + running IS4.0 with Service pack 5
>->
>-> Dave
>->
>-> Dave Wilson
>-> Internet Technology Manager,
>-> BizNet Solutions
>->
>-> <Allaire Premier Partner>
>-> Co-Founder CFUG Ireland
>-> http://www.cfug.ie
>->
>-> 224, Lisburn Road
>-> Belfast BT9 6GE
>->
>-> Tel: 02890 225 776
>-> Fax: 02890 223 223
>-> web: http://www.biznet-solutions.com
>->
>-> email: [EMAIL PROTECTED]
>->
>-> -----------------------------------------------------------------
>-> -------------
>-> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
>-> To Unsubscribe visit
>-> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/c
>f_talk or send a message to [EMAIL PROTECTED] with
>'unsubscribe' in the body.
>
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
>To Unsubscribe visit 
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or 
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in 
>the body.

-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
Brian Thornton
The Internet Design Firm
910 16th Street #810
Denver, CO 80202
phone. 303.893.6628
[EMAIL PROTECTED]
www.tidf.com

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to