RE: Allaire security problem - anyone know solution?

Thu, 03 Aug 2000 21:37:19 -0700 

On Thu, 03 Aug 2000, Dan O'Keefe spewed forth into the void:
> http://support.allaire.com/application.cfm+.htr
> 
> It also appears to only be in IE.

nope, works in Netscape too, but you have to "view source"

> 
> ------------------------------------------
> Dan O'Keefe
> TriPoint Technologies
> [EMAIL PROTECTED]
> 954.501.3113
> 
> -> -----Original Message-----
> -> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> -> Sent: Thursday, August 03, 2000 11:27 AM
> -> To: [EMAIL PROTECTED]
> -> Subject: Allaire security problem - anyone know solution?
> ->
> ->
> -> Hi all,
> ->
> -> One of my hosting clients has just made me aware of this major security
> -> problem and I'm wondering if anyone knows how to eliminate it?
> ->
> -> Try calling the application.cfm template on any CF site with
> -> +.htr appended
> -> to the end of the url. You'll first see a blank page. Now hit
> -> refresh/reload
> -> and you'll see the full code of said application.cfm
> ->
> -> e.g. http://www.support.alllaire.com/application.cfm+.htr
> ->
> -> Can someone please tell me there is a patch for this. It seems
> -> to happen on
> -> all CFserver versions 4.x + running IS4.0 with Service pack 5
> ->
> -> Dave
> ->
> -> Dave Wilson
> -> Internet Technology Manager,
> -> BizNet Solutions
> ->
> -> <Allaire Premier Partner>
> -> Co-Founder CFUG Ireland
> -> http://www.cfug.ie
> ->
> -> 224, Lisburn Road
> -> Belfast BT9 6GE
> ->
> -> Tel: 02890 225 776
> -> Fax: 02890 223 223
> -> web: http://www.biznet-solutions.com
> ->
> -> email: [EMAIL PROTECTED]
> ->
> -> -----------------------------------------------------------------
> -> -------------
> -> Archives: http://www.mail-archive.com/[email protected]/
> -> To Unsubscribe visit
> -> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/c
> f_talk or send a message to [EMAIL PROTECTED] with
> 'unsubscribe' in the body.
> 
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit 
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
-- 
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 Jon Tillman
 LINUX USER: #141163
 ICQ: 4015362
 [EMAIL PROTECTED]
 http://tillman.freehosting.net
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to