New Cold Fusion vulnerability

From: Jean-Francois Prieur (jfp51at_private)
Date: Thu Jul 12 2001 - 01:39:29 PDT

    Hello,
    
    Like others I have seen the security advisory concerning Cold Fusion 
    versions 2 to 4.5.1 SP2. What concerns me, and, evidently, others on 
    the cold fusion boards, is the lack of details about this vulnerability.
    
    Usually, you would see a serious vulnerability like this being 
    discussed on some mailing lists a few hours before a bulletin being 
    issued, yet in this case, nothing.
    
    Maybe we are just paranoid, but since Allaire/Macromedia just released 
    version 5 which is not vulnerable, is this just a ploy to get people to 
    upgrade? This and the fact that there is a 3-8% performance degradation 
    when you install the patch makes me want to know more about this. Also, 
    if you are using NT4 and IIS, the patch breaks your server if you don't 
    install MSVCRT 6.0 runtime files beforehand, so be careful.
    
    Anyone have any further info?
    
    Thanks,
    JF Prieur
    



    This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 11:53:35 PDT