FYI: <quote> Problem: ======== Requests for certain DOS-devices are parsed by the isapi filter that handles .cfm and .dbm and result in error messages containing the physical path to the web root.
Vulnerable: =========== - Coldfusion 5.0 on Windows 2000 w. IIS5 - Other versions were not tested. .. </quote> http://online.securityfocus.com/archive/1/268263 CF 4.5.1 SP2 on NT4 SP6a has this vulnerability as well. Luckily it appears that the problem is mitigated by having a site wide error handler. I have to admit I am extremely unhappy with the workaround MM appears to have suggested. Jochem ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
