>> This exploit should not effect most sites
This is not quite true. Sadly most sites have the sample files installed,
which is why these things continue to be a problem. Heck AOL up until
recently had the sample docs installed on one of their public sites. I know
a major university that still has them installed on several servers.
All you have to do is do an internet search for specific cfm files and you
can find hundreds of sites.
- Steve
-----Original Message-----
From: Jeff Sarsoun [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 2:59 PM
To: CF-Talk
Subject: RE: Allaire ColdFusion Sample Script DoS Vulnerability
This exploit should not effect most sites, considering sample code should
not be installed on a production server in the first place. This goes back
to other exploits that exist due to sample code that was installed by
Allaire in previous versions.
Jeff Sarsoun
-----Original Message-----
From: Robert Everland [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 12:51 PM
To: CF-Talk
Subject: Allaire ColdFusion Sample Script DoS Vulnerability
http://www.securityfocus.com/frames/?content=/vdb/%3Fid%3D2094
Robert Everland III
Web Developer
Dixon Ticonderoga
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
