On Thu, 03 Aug 2000, Dave Wilson spewed forth into the void:
> Hi all,
>
> One of my hosting clients has just made me aware of this major security
> problem and I'm wondering if anyone knows how to eliminate it?
>
> Try calling the application.cfm template on any CF site with +.htr appended
> to the end of the url. You'll first see a blank page. Now hit refresh/reload
> and you'll see the full code of said application.cfm
>
> e.g. http://www.support.alllaire.com/application.cfm+.htr
>
> Can someone please tell me there is a patch for this. It seems to happen on
> all CFserver versions 4.x + running IS4.0 with Service pack 5
>
> Dave
>
When I tried it, it didnt work exactly as stated, but I could view the source
using the Netscape "View Source" option.....
A problem indeed
--
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Jon Tillman
LINUX USER: #141163
ICQ: 4015362
[EMAIL PROTECTED]
http://tillman.freehosting.net
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
