Re: Adobe Security update: Hotfix available for ColdFusion
On Thu, Aug 12, 2010 at 3:13 PM, Gerald Guido wrote:
>
> As a related question, If I wanted to restrict access to the CF Admin would
> .htaccess on Centos Linux/Apache be sufficient?

Any method of securing /CFIDE/Administrator/* so that CFM pages are not executed until after the user authenticates will suffice. So Apache basic security, IIS integrated security both work pretty much the same as they pertain to protecting you here.

Rick

~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336249
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
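Added example, not part of the original thread: one way to apply the advice in the reply above on Apache httpd, where the authentication and authorization checks run before the request is handed to a content handler. It assumes Apache 2.4 syntax; the htpasswd file path, the realm name, the web root and the 192.0.2.0/24 management range are placeholders.

```apache
# Added example (assumptions: Apache httpd 2.4 with mod_auth_basic,
# mod_authn_file and mod_authz_core; paths and addresses are placeholders).

# Server/vhost config. LocationMatch works on the URL, and (?i) makes the
# match case-insensitive so /CFIDE/Administrator and /CFIDE/administrator
# are both covered.
<LocationMatch "(?i)^/CFIDE/administrator">
    AuthType Basic
    AuthName "ColdFusion Administrator"
    # Placeholder file, created with: htpasswd -c /etc/httpd/cfadmin.htpasswd <user>
    AuthUserFile /etc/httpd/cfadmin.htpasswd
    <RequireAll>
        Require valid-user
        # Placeholder management network (documentation range)
        Require ip 192.0.2.0/24
    </RequireAll>
</LocationMatch>

# .htaccess variant: the same Auth*/Require lines placed in
# <webroot>/CFIDE/administrator/.htaccess only take effect if the enclosing
# <Directory> block allows them; with "AllowOverride None" the file is
# ignored and the administrator stays open.
<Directory "/var/www/html/CFIDE/administrator">
    AllowOverride AuthConfig
</Directory>
```

Basic authentication sends the password base64-encoded on every request, so serve this path over TLS only. After a reload, an unauthenticated request for any .cfm page under the path should return 401 rather than the login page.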
Re: Adobe Security update: Hotfix available for ColdFusion
>>>Being stuck on CF 7, does anyone know if locking down the CF administrator pages via Windows authentication is sufficient? (Versus the alternative of ... ?)

As a related question, If I wanted to restrict access to the CF Admin would .htaccess on Centos Linux/Apache be sufficient? Or should I put other measures in place? If so, what other security measures would you all recommend.

As always, many TIA,
G?

On Thu, Aug 12, 2010 at 2:44 PM, James Skemp wrote:
>
> Secunia advisory: http://secunia.com/advisories/40909/
>
> Being stuck on CF 7, does anyone know if locking down the CF administrator
> pages via Windows authentication is sufficient? (Versus the alternative of
> ... ?)
>
> Thanks,
>
> ~James
>
> >I believe it addresses a potential vulnerability in ColdFusion
> >Administrator.
> >
> >--- Ben
> >
> >
> >They don't say what the vulnerability is but...
> >http://www.adobe.com/support/security/bulletins/apsb10-18.html
> >
> >
> >--
> >Michael Dinowitz
> >Lead Author - Adobe Coldfusion Anthology
> >http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336246
Re: Adobe Security update: Hotfix available for ColdFusion
test

On Thu, Aug 12, 2010 at 11:44 AM, James Skemp wrote:
>
> Secunia advisory: http://secunia.com/advisories/40909/
>
> Being stuck on CF 7, does anyone know if locking down the CF administrator
> pages via Windows authentication is sufficient? (Versus the alternative of
> ... ?)
>
> Thanks,
>
> ~James
>
> >I believe it addresses a potential vulnerability in ColdFusion
> >Administrator.
> >
> >--- Ben
> >
> >
> >They don't say what the vulnerability is but...
> >http://www.adobe.com/support/security/bulletins/apsb10-18.html
> >
> >
> >--
> >Michael Dinowitz
> >Lead Author - Adobe Coldfusion Anthology
> >http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336245
Re: Adobe Security update: Hotfix available for ColdFusion
Secunia advisory: http://secunia.com/advisories/40909/

Being stuck on CF 7, does anyone know if locking down the CF administrator pages via Windows authentication is sufficient? (Versus the alternative of ... ?)

Thanks,

~James

>I believe it addresses a potential vulnerability in ColdFusion
>Administrator.
>
>--- Ben
>
>
>They don't say what the vulnerability is but...
>http://www.adobe.com/support/security/bulletins/apsb10-18.html
>
>
>--
>Michael Dinowitz
>Lead Author - Adobe Coldfusion Anthology
>http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336244
Re: Adobe Security update: Hotfix available for ColdFusion
write in plain English as well

I take it this means the directory that the CFIDE directory is in?

Extract the files in CFIDE-801.zip to the web root directory that consists of CFIDE folder.

--
From: "Michael Dinowitz"
Sent: 10 August 2010 22:12
To: "cf-talk"
Subject: Re: Adobe Security update: Hotfix available for ColdFusion

>
> Yep. I didn't know that because the page that was sent out was
> terribly unhelpful. The actual page with the download is here:
> http://kb2.adobe.com/cps/857/cpsid_85766.html
>
> The link was in the text in the solution area.
>
> Ben, you might want to tell whoever writes the alerts at Adobe to make
> the link to the download a lot more visible.
>
> Thanks
>
>
>
> On Tue, Aug 10, 2010 at 4:47 PM, Ben Forta wrote:
>>
>> I believe it addresses a potential vulnerability in ColdFusion
>> Administrator.
>>
>> --- Ben

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336177
Re: Adobe Security update: Hotfix available for ColdFusion
Yep. I didn't know that because the page that was sent out was terribly unhelpful. The actual page with the download is here:
http://kb2.adobe.com/cps/857/cpsid_85766.html

The link was in the text in the solution area.

Ben, you might want to tell whoever writes the alerts at Adobe to make the link to the download a lot more visible.

Thanks

On Tue, Aug 10, 2010 at 4:47 PM, Ben Forta wrote:
>
> I believe it addresses a potential vulnerability in ColdFusion
> Administrator.
>
> --- Ben

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336175
RE: Adobe Security update: Hotfix available for ColdFusion
I believe it addresses a potential vulnerability in ColdFusion Administrator.

--- Ben

-Original Message-
From: Michael Dinowitz [mailto:mdino...@houseoffusion.com]
Sent: Tuesday, August 10, 2010 4:37 PM
To: cf-talk
Subject: Adobe Security update: Hotfix available for ColdFusion

They don't say what the vulnerability is but...
http://www.adobe.com/support/security/bulletins/apsb10-18.html

--
Michael Dinowitz
Lead Author - Adobe Coldfusion Anthology
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336174