Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-12 Thread James Skemp
Secunia advisory: http://secunia.com/advisories/40909/ Being stuck on CF 7, does anyone know if locking down the CF administrator pages via Windows authentication is sufficient? (Versus the alternative of ... ?) Thanks, ~James I believe it addresses a potential vulnerability in

Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-12 Thread Brett Hellman
test On Thu, Aug 12, 2010 at 11:44 AM, James Skemp jsk...@wisbar.org wrote: Secunia advisory: http://secunia.com/advisories/40909/ Being stuck on CF 7, does anyone know if locking down the CF administrator pages via Windows authentication is sufficient? (Versus the alternative of ... ?)

Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-12 Thread Gerald Guido
Being stuck on CF 7, does anyone know if locking down the CF administrator pages via Windows authentication is sufficient? (Versus the alternative of ... ?) As a related question, If I wanted to restrict access to the CF Admin would .htaccess on Centos Linux/Apache be sufficient? Or should I put

Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-12 Thread Rick Root
On Thu, Aug 12, 2010 at 3:13 PM, Gerald Guido gerald.gu...@gmail.com wrote: As a related question, If I wanted to restrict access to the CF Admin would .htaccess on Centos Linux/Apache be sufficient? Any method of securing /CFIDE/Administrator/* so that CFM pages are not executed until after

Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-11 Thread Paul Stewart
...@houseoffusion.com Sent: 10 August 2010 22:12 To: cf-talk cf-talk@houseoffusion.com Subject: Re: Adobe Security update: Hotfix available for ColdFusion Yep. I didn't know that because the page that was sent out was terribly unhelpful. The actual page with the download is here: http://kb2.adobe.com/cps/857

Adobe Security update: Hotfix available for ColdFusion

2010-08-10 Thread Michael Dinowitz
They don't say what the vulnerability is but... http://www.adobe.com/support/security/bulletins/apsb10-18.html -- Michael Dinowitz Lead Author - Adobe Coldfusion Anthology http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion

RE: Adobe Security update: Hotfix available for ColdFusion

2010-08-10 Thread Ben Forta
I believe it addresses a potential vulnerability in ColdFusion Administrator. --- Ben -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: Tuesday, August 10, 2010 4:37 PM To: cf-talk Subject: Adobe Security update: Hotfix available for ColdFusion

Re: Adobe Security update: Hotfix available for ColdFusion

2010-08-10 Thread Michael Dinowitz
Yep. I didn't know that because the page that was sent out was terribly unhelpful. The actual page with the download is here: http://kb2.adobe.com/cps/857/cpsid_85766.html The link was in the text in the solution area. Ben, you might want to tell whoever writes the alerts at Adobe to make the