FYI - from CF-Talk. ---------- Forwarded message ---------- From: Pete Freitag <pfrei...@gmail.com> Date: Fri, Jan 29, 2010 at 12:38 PM Subject: CF9 Solr Security Vulnerability To: cf-talk <cf-t...@houseoffusion.com>
Hi Folks, Incase you missed it, Adobe just released a security bulletin for CF9: http://www.adobe.com/support/security/bulletins/apsb10-04.html Essentially the CF9 solr service runs on port 8983 on your servers public IP's, instead of just 127.0.0.1, which leaves your solr collections open. The technote to fix it is here: http://kb2.adobe.com/cps/807/cpsid_80719.html I have blogged some more about it here: http://www.petefreitag.com/item/738.cfm Pete Freitag http://foundeo.com/ - ColdFusion Consulting & Products http://petefreitag.com/ - My Blog http://hackmycf.com - Is your ColdFusion Server Secure? ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------