« Return to Thread: New CF8 vulnerability

RE: New CF8 vulnerability

by Dave Watts :: Rate this Message:

There's nothing OS-specific about the vulnerability, as far as I can see.

Dave Watts, CTO, Fig Leaf Software

-----Original Message-----
From: James Holmes <james.holmes@...>
Sent: Thursday, 02 July, 2009 20:56
To: cf-talk <cf-talk@...>
Subject: Re: New CF8 vulnerability

And that's why our prod servers are read only (and Linux).

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

2009/7/3 Dave Watts <dwatts@...>:

>
> You may want to check for this on any clients/projects you've worked with:
> http://isc.sans.org/diary.html?storyid=6715
>
> Remediation steps available here:
> http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324182
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.4

« Return to Thread: New CF8 vulnerability