Dave, I wasn't able to reproduce this on CF 4.5.1 on Linux+Apache. I think this might be more of an IIS issue than a CF one. Check out http://www.securityfocus.com/focus/microsoft/iis/iismain.html for more info on .htr issues. .djc. Dave Wilson wrote: > > Hi all, > > One of my hosting clients has just made me aware of this major security > problem and I'm wondering if anyone knows how to eliminate it? > > Try calling the application.cfm template on any CF site with +.htr appended > to the end of the url. You'll first see a blank page. Now hit refresh/reload > and you'll see the full code of said application.cfm > > e.g. http://www.support.alllaire.com/application.cfm+.htr > > Can someone please tell me there is a patch for this. It seems to happen on > all CFserver versions 4.x + running IS4.0 with Service pack 5 ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
- Allaire security problem - anyone know solution? Dave Wilson
- Re: Allaire security problem - anyone know solut... Adam Breaux
- RE: Allaire security problem - anyone know s... Dan O'Keefe
- RE: Allaire security problem - anyone know solut... Dave Watts
- RE: Allaire security problem - anyone know s... Brian L. Wolfsohn
- RE: Allaire security problem - anyone kn... Dave Watts
- problem with mail attachements Christopher S Martin
- RE: Allaire security problem - anyone know solut... Carlos Vazquez
- Re: Allaire security problem - anyone know solut... Daniel J. Cody
- Re: Allaire security problem - anyone know s... Mooner Ent
- RE: Allaire security problem - anyone kn... Johan Coens
- RE: Allaire security problem - anyon... Rick Osborne
- RE: Allaire security problem - ... Johan Coens
- Re: Allaire security problem - anyone know solut... David E. Crawford
- Re: Allaire security problem - anyone know solut... David E. Crawford
- RE: Allaire security problem - anyone know solut... Dan O'Keefe
- RE: Allaire security problem - anyone know s... Brian Thornton
- RE: Allaire security problem - anyone know solut... Dan O'Keefe
- RE: Allaire security problem - anyone know s... Jon Tillman