I have watched this discussion with interest for much of the day and am
unsure whether I should be concerned or not.

Is there a new major ColdFusion security hole at work here? Is this just
an old issue that some people had not patched correctly? If this is a
new issue, what do I need to do immediately to stop this from happening?
Should CF Chart be turned off? If so, how? How are these uploaded files
getting into the server? Has anyone contacted Adobe to file a security
report?

Thank you


On Mon, Feb 4, 2013 at 1:03 PM, Robert Harrison
<[email protected]> wrote:

>
> Thanks everyone for the help. Many had some very useful advice and were
> dead on about the files and issues with mapping and /CFIDE.
>
> Yes, the culprit files were in CFIDE/adminapi/customtags, but we found a
> curious commonality in all the sites that were affected.  Every site
> affected used CFChart. I remember our server guy had to set up some special
> mapping to CFIDE and allow files to be written there because of some sort
> of temp file CFChart uses when creating a .jpg.  Now that it's been locked
> down again, CFCHART no longer displays the image.
>
> What should we do to allow CFChart to function without opening a security
> hole?
>
> Thanks,
> Robert

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354288