-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Notice the workaround...
"You should remove the CFDOCS directory. In a typical installation,
that directory resides at:
{webroot}/CFDOCS/"
Anyone that has the sample scripts on their production CF box should
be flogged anyway This isn't a
Subject: Allaire ColdFusion Sample Script DoS Vulnerability
This is kind of silly. It's a sample script exploit. You should never
install sample scripts onto any production server. Period. If you do, bad
things can happen to you. In fact, by default, I think that CF doesn't even
install sample
Ancient History.
Remove Docs and Sample Apps.
If I remember correctly, this was corrected with the release of 4.0.1
Heath
-Original Message-
From: Robert Everland [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 12:51 PM
To: CF-Talk
Subject: Allaire ColdFusion Sample Script
This exploit should not effect most sites, considering sample code should
not be installed on a production server in the first place. This goes back
to other exploits that exist due to sample code that was installed by
Allaire in previous versions.
Jeff Sarsoun
-Original Message-
From:
For those who fall victim to this .. *smack*! ;)
Todd Ashworth
-Original Message-
http://www.securityfocus.com/frames/?content=/vdb/%3Fid%3D2094
~~
Structure your ColdFusion code with Fusebox. Get the official book at
ColdFusion Sample Script DoS Vulnerability
This exploit should not effect most sites, considering sample code should
not be installed on a production server in the first place. This goes back
to other exploits that exist due to sample code that was installed by
Allaire in previous versions
6 matches
Mail list logo