We are running Service Pack 6a and it happen to us. I did notice that when
I tried to do it with an encrypted application.cfm. I just got scrambled
code.
It's definitely an IIS issue. I would agree on removing the .htr out of the
IIS mapping.
Dan
----- Original Message -----
From: "Jonathan Broome" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 03, 2000 3:36 PM
Subject: RE: Allaire security problem - anyone know solution?
>
> On my sites using SP6a, I couldn't get this to work. On other sites, I
> could. Unless someone's got a better idea, I recommend the Service Pack.
>
> Jonathan
>
>
> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 03, 2000 12:27 PM
> To: [EMAIL PROTECTED]
> Subject: Allaire security problem - anyone know solution?
>
>
> Hi all,
>
> One of my hosting clients has just made me aware of this major security
> problem and I'm wondering if anyone knows how to eliminate it?
>
> Try calling the application.cfm template on any CF site with +.htr
appended
> to the end of the url. You'll first see a blank page. Now hit
refresh/reload
> and you'll see the full code of said application.cfm
>
> e.g. http://www.support.alllaire.com/application.cfm+.htr
>
> Can someone please tell me there is a patch for this. It seems to happen
on
> all CFserver versions 4.x + running IS4.0 with Service pack 5
>
> Dave
>
> Dave Wilson
> Internet Technology Manager,
> BizNet Solutions
>
> <Allaire Premier Partner>
> Co-Founder CFUG Ireland
> http://www.cfug.ie
>
> 224, Lisburn Road
> Belfast BT9 6GE
>
> Tel: 02890 225 776
> Fax: 02890 223 223
> web: http://www.biznet-solutions.com
>
> email: [EMAIL PROTECTED]
>
> --------------------------------------------------------------------------
--
> --
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
> --------------------------------------------------------------------------
----
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
