Re: Allaire security problem - anyone know solution?

Fri, 04 Aug 2000 00:22:15 -0700 

Allaire security bulletin says

Originally Posted: May 22, 2000
Last Updated: May 22, 2000

Why are we just finding out that our entire Server side code can be read???
I check the security section often, did I over look it?

We found out about DATA much sooner.

Rick



Excuse the rant.
----- Original Message -----
From: "Daniel J. Cody" <[EMAIL PROTECTED]>
Newsgroups: cf-talk
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 03, 2000 9:46 AM
Subject: Re: Allaire security problem - anyone know solution?


> Dave, I wasn't able to reproduce this on CF 4.5.1 on Linux+Apache. I
> think this might be more of an IIS issue than a CF one. Check out
> http://www.securityfocus.com/focus/microsoft/iis/iismain.html for more
> info on .htr issues.
>
> .djc.
>
> Dave Wilson wrote:
> >
> > Hi all,
> >
> > One of my hosting clients has just made me aware of this major security
> > problem and I'm wondering if anyone knows how to eliminate it?
> >
> > Try calling the application.cfm template on any CF site with +.htr
appended
> > to the end of the url. You'll first see a blank page. Now hit
refresh/reload
> > and you'll see the full code of said application.cfm
> >
> > e.g. http://www.support.alllaire.com/application.cfm+.htr
> >
> > Can someone please tell me there is a patch for this. It seems to happen
on
> > all CFserver versions 4.x + running IS4.0 with Service pack 5
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.


__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to