My understanding of this was that anybody could run the CFM template regardless of their NTFS file permissions, for that template.
Cheers --- [EMAIL PROTECTED] wrote: > Hello Weekenders, > > I'm sure most of you got the MM Security bulletin > the other day > (http://www.macromedia.com/security). I am trying to > figure out what the > security breach is if the steps outlines in the > Security Bulletin are not > taken. It doesn't describe what level of access an > attacker could gain > through this exploit. And since we use the SES Url's > > (mysite.com/index.cfm/myvar/myvarvalue/), I can not > easily implement this > security fix because checking the "check that file > exists" box in IIS > causes 404's since, the file name is buried in the > query string. > > So If any one can fill me in on the severity of this > exploit and then I can > appropriately decide if I need to make some serious > changes to multiple > sites or find an alternative. > > Thanks > > Brook Davies > maracasmedia __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
