ColdFusion 7 is no longer supported by Adobe. Therefore only customers
who have "extended support", which you pay for, are entitled to a fix
for CF7.

But as has already been pointed out, just restrict your /CFIDE.

Andy

On 11 August 2010 22:17, Gerald Guido <gerald.gu...@gmail.com> wrote:
>
> Wait a second
>
> According to the ProCheckUp site the vulnerability affects
>
> ColdFusion MX7 7,0,0,91690 base patches
> ColdFusion MX8 8,0,1,195765 base patches
> ColdFusion MX8 8,0,1,195765 with Hotfix4
>
> And Adobe's Security bulletin says it affects ColdFusion 8.0, 8.0.1, 9.0,
> 9.0.1 and earlier versions for Windows, Macintosh and UNIX
>
> Are there no patches for CF 7.01 or below?
>
> G?
>
> On Wed, Aug 11, 2010 at 4:50 PM, Procheckup news <n...@procheckup.com> wrote:
>
>>
>> Millions of users of Adobe’s ColdFusion programming language are at risk of
>> losing control of their applications and websites.
>>
>> Penetration testing company ProCheckUp were able to access every file
>> including username and passwords from a server running ColdFusion. This was
>> completed through a directory traversal and file retrieval flaw found within
>> ColdFusion administrator. A standard web browser was used to carry out the
>> attack; knowledge of the admin password is not needed.
>>
>> A competent attacker would be able to steal files from the server and gain
>> access to secure areas as well and eventually modify content or shut down
>> the website or application.
>>
>> Richard Brain of ProCheckUp commented “This is a trivial attack which can
>> be performed easily by a competent engineer; ProCheckUp thanks Adobe for
>> consciously working with us to produce a patch which fixes the traversal
>> attack. By performing a simple Google search for inurl:index.cfm, it was
>> found that over 80 million examples of sites using Coldfusion.
>>
>> Procheckup has released an advisory relating to this flaw, though will not
>> publish the exploit code for 7 days giving administrators time to apply the
>> Adobe patches. Procheckup felt it unwise to delay releasing the exploit any
>> longer, as the exploit is trivial and can be easily determined by analysing
>> the patches.
>>
>> The full details of the vulnerability can be found on www.procheckup.com
>>
>>
>>
>
> 
