Howdy,

 
We're trying to get a new web site launched on CF8. We are running 8.0.1, and 
I've applied the fckeditor vulnerability hotfix. The hotfix file shows up in
the update field and classpath, and the file appears to be 
located where the hotfix notes say it should be. I removed the two connector 
files in the hotfix notes, since we don't need fckeditor for uploads.

 
Our client is using McAfee Secure to run a security scan on the site, and it 
repeatedly points up the fckeditor vulnerability, even though the hotfix has 
been applied.

 
I've checked and double checked the hotfix installation, stopped and restarted 
CF, rebooted the server, and still the scans insist the vulnerability remains.

 
Anybody had this kind of problem? Any ideas? Is there a quick way to test if 
the issue exists still?

This is the detail from the scan:

Protocol https
Port 443
Read Timeout 10000
Method GET
Path /CFIDE/administrator/
Headers Host=<IP address>
Version: 8,0,0,


If it is saying version is 8.0, that is clearly incorrect, as the CF admin for 
the site says the version is: 8,0,1,195765

This is CF 8 Standard on Win2008 64-bit.

Thanks very much for your time and attention.


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327081