Dear Allaire Customer -- The following Allaire Security Bulletin, has been updated and a ColdFusion Serverpatch has been made available at the Allaire Security Zone (http://www.allaire.com/security): ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags and Functions Used in the ColdFusion Administrator (Patch Available) The updated bulletin and patch address potential security issues with undocumented CFML tags and functions used in the ColdFusion Administrator for customers and ISPs hosting multiple ColdFusion 3.12 and 4.01 applications on a single server machine. NOTE: If you are not hosting multiple ColdFusion 3.12 and 4.01 applications on a single server machine, you should not require this patch. As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications. Thank you for your time and consideration on this issue. -- Damon Cooper Security Response Team Coordinator, Allaire Corporation P.S. As a reminder, Allaire has set up an email address that customers can use to report security issues associated with an Allaire product: secureat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:51 PDT