> .. > </quote> http://online.securityfocus.com/archive/1/268263 > > > CF 4.5.1 SP2 on NT4 SP6a has this vulnerability as well. Luckily it > appears that the problem is mitigated by having a site wide error handler. > > I have to admit I am extremely unhappy with the workaround MM appears to > have suggested. > > Jochem > Err.... I don't get that "vulnerability" at all.
I'm running CF5 on IIS5 on Win2k and I get plain boring "HTTP/1.0 404 Object Not Found". If you leave the debugging on, then maybe you would. actually no that's a lie, because I just tested on a box where I have every single bit of debugging turned on for my IP address. Now - if you access a page where there is a missing cfinclude file and you have the debug option "Display the Template Path in Error Messages" switched on, then you will display the full file path. However, that particular debug option has this text next to it: "The template's file name is useful for debugging, but may be a security hazard because it displays information about a server's file structure." Stephen ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
