Nope, it's definitely NOT a Cold Fusion security bug, but as has been pointed out an
IIS bug. We use Apache and have never had that bug with Cold Fusion.
At 01:11 PM 10/6/00 -0700, Warrick, Mark wrote:
>Nope. It's a ColdFusion thing as well.
>
>Here's the official Allaire Security bulletins site:
>http://www.allaire.com/developer/securityzone/
>
>You may also want to sign up on their mailing list. (the bulletins come out every
>few months or so).
>
>---mark
>
>--------------------------------------------------------------
>Mark Warrick
>Phone: (714) 547-5386
>Efax.com Fax: (801) 730-7289
>Personal Email: [EMAIL PROTECTED]
>Personal URL: http://www.warrick.net
>Business Email: [EMAIL PROTECTED]
>Business URL: http://www.fusioneers.com
>ICQ: 346566
>--------------------------------------------------------------
>
>
>> -----Original Message-----
>> From: Peter Theobald [mailto:[EMAIL PROTECTED]]
>> Sent: Friday, October 06, 2000 9:40 AM
>> To: CF-Talk
>> Cc: James Dunham
>> Subject: Re: A list of known security holes?
>>
>>
>> I thought +htr was an ASP security bug only?
>>
>> At 11:30 AM 10/6/00 -0400, Nadir Ait-Laoussine wrote:
>> >This message is in MIME format. Since your mail reader does not
>> understand
>> >this format, some or all of this message may not be legible.
>> >
>> >------_=_NextPart_001_01C02FAA.59D650C2
>> >Content-Type: text/plain;
>> > charset="iso-8859-1"
>> >
>> >Hello all;
>> >
>> >Does anyone know of a good web site that lists the security
>> holes with all
>> >the major web servers / CF server / Databases.
>> >I recently came across the .+htr hole and am wondering about any other
>> >things that should be looked at.
>> >
>> >Thanks
>> >
>> >Nadir
>> >
>> >------_=_NextPart_001_01C02FAA.59D650C2
>> >Content-Type: text/html;
>> > charset="iso-8859-1"
>> >
>> ><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>> >Hello all;
>> >
>> >Does anyone know of a good web site that lists the security
>> holes with all the major web servers / CF server / Databases.
>> >I recently came across the .+htr hole and am wondering about any
>> other things that should be looked at.
>> >
>> >Thanks
>> >
>> >Nadir
>> >
>> >------_=_NextPart_001_01C02FAA.59D650C2--
>> >-----------------------------------------------------------------
>> -------------
>> >Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
>> >To Unsubscribe visit
>> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
>_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
>
>
>---------------------------------------------------------------------------
>Peter Theobald, Chief Technology Officer
>LiquidStreaming http://www.liquidstreaming.com
>[EMAIL PROTECTED]
>Phone 1.212.545.1232 x204 Fax 1.212.545.0938
>
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebarsts&bodysts/cf_talk or send a message
>to [EMAIL PROTECTED] with 'unsubscribe' in the body.
---------------------------------------------------------------------------
Peter Theobald, Chief Technology Officer
LiquidStreaming http://www.liquidstreaming.com
[EMAIL PROTECTED]
Phone 1.212.545.1232 x204 Fax 1.212.545.0938
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
