[cfaussie] Re: Security update: Hotfix available for ColdFusion
On Aug 12, 8:39 am, Kai Koenig k...@koeni.de wrote:
> Sorry for the crosspost to the NZ and AU lists, but you might want to install this one rather sooner than later:
> http://www.adobe.com/support/security/bulletins/apsb10-18.html
>
> Cheers
> Kai

Is this a problem for CF 6.1? hackmycf says it is but there don't appear to be CF6 specific downloads

> --
> Kai Koenig - Ventego Creative Ltd
> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
> web: http://www.ventego-creative.co.nz
> blog: http://www.bloginblack.de
> twitter: http://www.twitter.com/agentK

--
You received this message because you are subscribed to the Google Groups cfaussie group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
Re: [cfaussie] Re: Security update: Hotfix available for ColdFusion
6.1 isn't supported by Adobe anymore, and hasn't been for a while.
http://kb2.adobe.com/cps/402/kb402091.html

You can resolve this issue by restricting access to the cfadmin as described previously in this thread.

Mark

On Wed, Aug 18, 2010 at 12:30 PM, Stephen M sgmul...@gmail.com wrote:
> On Aug 12, 8:39 am, Kai Koenig k...@koeni.de wrote:
>> Sorry for the crosspost to the NZ and AU lists, but you might want to install this one rather sooner than later:
>> http://www.adobe.com/support/security/bulletins/apsb10-18.html
>>
>> Cheers
>> Kai
>
> Is this a problem for CF 6.1? hackmycf says it is but there don't appear to be CF6 specific downloads

--
E: mark.man...@gmail.com
T: http://www.twitter.com/neurotic
W: www.compoundtheory.com

cf.Objective(ANZ) - Nov 18, 19 - Melbourne Australia
http://www.cfobjective.com.au

Hands-on ColdFusion ORM Training
www.ColdFusionOrmTraining.com
Re: [cfaussie] Re: Security update: Hotfix available for ColdFusion
Everything up to and including CF 7 is out of support (so and so many years after release), therefore no hotfixes etc anymore.

Kai

On 18/08/2010, at 4:20 PM, Andrew Scott wrote:
> Adobe don't support CF6.0 anymore, and I think CF7.0 is the same as well. Adam might pipe in here, but I believe that this is why there isn't an update.
>
> Regards,
> Andrew Scott
> http://www.andyscott.id.au/
>
> -----Original Message-----
> From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf Of Stephen M
> Sent: Wednesday, 18 August 2010 12:31 PM
> To: cfaussie
> Subject: [cfaussie] Re: Security update: Hotfix available for ColdFusion
>
> On Aug 12, 8:39 am, Kai Koenig k...@koeni.de wrote:
>> Sorry for the crosspost to the NZ and AU lists, but you might want to install this one rather sooner than later:
>> http://www.adobe.com/support/security/bulletins/apsb10-18.html
>>
>> Cheers
>> Kai
>
> Is this a problem for CF 6.1? hackmycf says it is but there don't appear to be CF6 specific downloads

--
Kai Koenig - Ventego Creative Ltd
ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
web: http://www.ventego-creative.co.nz
blog: http://www.bloginblack.de
twitter: http://www.twitter.com/agentK
[cfaussie] Re: Security update: Hotfix available for ColdFusion
Thanks Guys. I would have been unaware of this had it not been for the cfaussie list. Is there an official announcements list I can join?

Regards,
Andrew.

On Aug 12, 10:52 am, charlie arehart charlie_li...@carehart.org wrote:
> Well, no, because that would then expose to bad guys how they could use the vulnerability for ill.
>
> Really, every shop should apply it, but as it notes, the key is an exposure via the CF Admin, so if you have your CF Admin available to the public, you're vulnerable. If you require web server authentication, or have IP restrictions, etc, that certainly limits your exposure, but really, everyone should apply the fix. (To be clear, it's NOT enough that your Admin requires a password as defined within the CF Admin!)
>
> I will say this, Pete Freitag has said he will be updating his HackMyCF service to check for this vulnerability, which will be the best way for people to check (without the exploit being exposed). It's a FREE web-based service where you point it to your site, it runs its checks, and emails you a report. More at hackmycf.com. If I hear that he has updated it, I'll pass it on.
>
> /charlie
>
> -----Original Message-----
> From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf Of Steve Onnis
> Sent: Wednesday, August 11, 2010 8:22 PM
> To: cfaussie@googlegroups.com
> Subject: RE: [cfaussie] Security update: Hotfix available for ColdFusion
>
> They couldn't give more information about the actual security issue??
>
> -----Original Message-----
> From: Kai Koenig [mailto:k...@koeni.de]
> Sent: Thursday, 12 August 2010 8:39 AM
> To: cfugauckl...@googlegroups.com; cfaussie@googlegroups.com
> Subject: [cfaussie] Security update: Hotfix available for ColdFusion
>
> Sorry for the crosspost to the NZ and AU lists, but you might want to install this one rather sooner than later:
> http://www.adobe.com/support/security/bulletins/apsb10-18.html
>
> Cheers
> Kai
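An added example, not part of any post in this thread: a Python audit of web server access logs for the exposure charlie arehart describes in the message above, separating CF Admin requests from outside a management allowlist that the web server blocked, served after web server authentication, or served with no web-server-level control at all. The `/CFIDE/administrator` path, the Apache combined log format, the allowlisted networks and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): Apache combined log format, the default
# ColdFusion Administrator path, and a hypothetical management allowlist.
ADMIN_PREFIX = "/cfide/administrator"
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.20.0.0/24")]
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
10.20.0.15 - - [12/Aug/2010:09:01:11 +1000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
203.0.113.7 - - [12/Aug/2010:09:02:40 +1000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120
198.51.100.23 - - [12/Aug/2010:09:03:02 +1000] "GET /cfide/administrator/ HTTP/1.1" 403 289
203.0.113.7 - ops [12/Aug/2010:09:05:19 +1000] "POST /CFIDE/administrator/enter.cfm HTTP/1.1" 200 730
192.0.2.50 - - [12/Aug/2010:09:06:00 +1000] "GET /index.cfm HTTP/1.1" 200 9001
"""

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or junk in the client field: treat as external
    return any(addr in net for net in ALLOWED_NETS)

def audit_admin_access(log_text):
    """Return (ip, path, status, verdict) for each external CF Admin request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, user, _method, path, status = m.groups()
        if not path.lower().startswith(ADMIN_PREFIX) or is_allowed(ip):
            continue
        if status in ("401", "403"):
            verdict = "blocked"    # web server restriction is doing its job
        elif user != "-":
            verdict = "web-auth"   # served after web server authentication
        elif status[0] in "23":
            verdict = "EXPOSED"    # served with no web-server-level control
        else:
            verdict = "other"
        findings.append((ip, path, int(status), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_admin_access(SAMPLE_LOG):
        print(*finding)
```

An `EXPOSED` row means the request reached the Administrator application itself, which is the case the quoted message says the Admin's own password does not cover.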
Re: [cfaussie] Re: Security update: Hotfix available for ColdFusion
On Wed, Aug 11, 2010 at 11:38 PM, Andrew am2...@gmail.com wrote:
> Thanks Guys. I would have been unaware of this had it not been for the cfaussie list. Is there an official announcements list I can join?

Yes, you can sign up for notifications from this page:

http://www.adobe.com/support/security/

--
Sean A Corfield -- (904) 302-SEAN
Railo Technologies, Inc. -- http://getrailo.com/
An Architect's View -- http://corfield.org/

If you're not annoying somebody, you're not really alive.
-- Margaret Atwood
Re: [cfaussie] Re: Security update: Hotfix available for ColdFusion
Hi Andrew,

There is a link for signing up for email notification here;
http://www.adobe.com/support/security/

Gavin Beau Baumanis

On 12/08/2010, at 4:38 PM, Andrew wrote:
> Thanks Guys. I would have been unaware of this had it not been for the cfaussie list. Is there an official announcements list I can join?
>
> Regards,
> Andrew.