Regrettably Adobe has seen fit to release only patches for version 8 and version 9.
The easiest solution is to restrict access to /CFIDE/, which unfortunately only a slight majority of Coldfusion sites have done. The greatest problem is that the patches can be easily analysed and reverse engineered to identify the exploit, an experienced person can do this in 4-5 hours. My intention is not to spread FUD, but to ensure people are patched and 'ready' ASAP. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336199 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm