Re: Allaire security problem - anyone know solution?

[Daniel J. Cody]

Dave, I wasn't able to reproduce this on CF 4.5.1 on Linux+Apache. I
think this might be more of an IIS issue than a CF one. Check out
http://www.securityfocus.com/focus/microsoft/iis/iismain.html for more
info on .htr issues.

.djc.

Dave Wilson wrote:
> 
> Hi all,
> 
> One of my hosting clients has just made me aware of this major security
> problem and I'm wondering if anyone knows how to eliminate it?
> 
> Try calling the application.cfm template on any CF site with +.htr appended
> to the end of the url. You'll first see a blank page. Now hit refresh/reload
> and you'll see the full code of said application.cfm
> 
> e.g. http://www.support.alllaire.com/application.cfm+.htr
> 
> Can someone please tell me there is a patch for this. It seems to happen on
> all CFserver versions 4.x + running IS4.0 with Service pack 5
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.