Wait a second

According to the ProCheckUp site the vulnerability affects

ColdFusion MX7 7,0,0,91690 base patches
ColdFusion MX8 8,0,1,195765 base patches
ColdFusion MX8 8,0,1,195765 with Hotfix4

And Adobe's Security bulletin says it affects ColdFusion 8.0, 8.0.1, 9.0,
9.0.1 and earlier versions for Windows, Macintosh and UNIX

Are there no patches for CF 7.01 or below?

G?

On Wed, Aug 11, 2010 at 4:50 PM, Procheckup news <n...@procheckup.com> wrote:

>
> Millions of users of Adobe’s ColdFusion programming language are at risk of
> losing control of their applications and websites.
>
> Penetration testing company ProCheckUp were able to access every file
> including username and passwords from a server running ColdFusion. This was
> completed through a directory traversal and file retrieval flaw found within
> ColdFusion administrator. A standard web browser was used to carry out the
> attack; knowledge of the admin password is not needed.
>
> A competent attacker would be able to steal files from the server and gain
> access to secure areas as well and eventually modify content or shut down
> the website or application.
>
> Richard Brain of ProCheckUp commented “This is a trivial attack which can
> be performed easily by a competent engineer; ProCheckUp thanks Adobe for
> consciously working with us to produce a patch which fixes the traversal
> attack. By performing a simple Google search for inurl:index.cfm, it was
> found that over 80 million examples of sites using Coldfusion.
>
> Procheckup has released an advisory relating to this flaw, though will not
> publish the exploit code for 7 days giving administrators time to apply the
> Adobe patches. Procheckup felt it unwise to delay releasing the exploit any
> longer, as the exploit is trivial and can be easily determined by analysing
> the patches.
>
> The full details of the vulnerability can be found on www.procheckup.com
