On Mon, Sep 10, 2012 at 1:28 PM, Tony F <[email protected]> wrote:
> Does 9.0.2 have any fixes not included in "9.0.1 Cumulative Hot Fix 2"?
>

There are 3 security hotfixes APSB11-29, APSB12-15 and APSB12-06 that were released after 9.0.1 Cumulative Hotfix 2 (which includes all 9.0.1 Security hotfixes prior to and including APSB11-14 for 9.0.1). Those security hotfixes are included in 9.0.2. Some more info here: http://www.petefreitag.com/item/804.cfm

The APSB12-06 hotfix is a DOS vulnerability, the HashDos vulnerability but the attack vector for that does not coincide with what you posted. More on HashDos here: http://www.petefreitag.com/tag/hashdos

I tested your example and was able to produce the original error but did not see subsequent requests failing even when running through a load tool 2000 requests / 20 concurrent. Not to say the issue doesn't exist in your setup, it could be specific to your setup or common to other - it sounds like it would be worth further investigation.

You can pass the issue along to Adobe PSIRT http://www.adobe.com/support/security/alertus.html for proper handling, but make sure you have applied all the security hotfixes first.

--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352456

