There's nothing OS-specific about the vulnerability, as far as I can see. Dave Watts, CTO, Fig Leaf Software
-----Original Message----- From: James Holmes <james.hol...@gmail.com> Sent: Thursday, 02 July, 2009 20:56 To: cf-talk <cf-talk@houseoffusion.com> Subject: Re: New CF8 vulnerability And that's why our prod servers are read only (and Linux). mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/7/3 Dave Watts <dwa...@figleaf.com>: > > You may want to check for this on any clients/projects you've worked with: > http://isc.sans.org/diary.html?storyid=6715 > > Remediation steps available here: > http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324182 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4