This seems to have passed people by so I'm posting it up:

The AdminAPI of ColdFusion MX 7 provides programmatic access to all ColdFusion Administrator functionality. All calls to the adminAPI require an authentication test before calling any other adminAPI functionality. The authentication test could be bypassed.
Local, programmatic access to the adminAPI would allow the same capabilities available in the ColdFusion Administrator. Only authenticated access should be allowed to the adminAPI or the ColdFusion administrator. This issue is not remotely exploitable.

Adobe recommends ColdFusion users apply the following update: http://www.adobe.com/go/287ec799

Michael Dinowitz
President: House of Fusion http://www.houseoffusion.com
Publisher: Fusion Authority http://www.fusionauthority.com
Adobe Community Expert

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249617

