Oh ok I didn't see that they actually changed CF8's CHF (cumulative hot fix) 4 to include the fix. Does that mean many people may need to reapply that hotfix?
And CF9, same for CHF 2 I think. nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] On Tue, Apr 24, 2012 at 8:06 AM, John M Bliss <[email protected]> wrote: > > http://www.adobe.com/support/coldfusion/downloads_updates.html > > On Tue, Apr 24, 2012 at 10:04 AM, Nathan Strutz <[email protected]> wrote: > > > > > Where precisely is the download for the fix to this vulnerability? > > > > nathan strutz > > [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] > > > > > > On Tue, Apr 24, 2012 at 2:22 AM, John M Bliss <[email protected]> > > wrote: > > > > > > > > "no patches exist for 6 & 7 so if you see CF6 or CF7 its always vuln to > > the > > > bug" > > > > > > > > > > > > http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html > > > > > > > > > -- > > > John Bliss - http://about.me/jbliss > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
