I notice that the patch degrades performance by 3% to 8%
Is there any possibility of more information on how the exploit works so
that we can decide whether or not specific instances of a CF server have to
be affected by this inefficiency ?
3% to 8% is a lot to explain to customers and whilst top security is
desirous, if specific apps don't fall foul of the exploit then that
degradation could be avoided.
Many Thanks,
-------------------------------------------------------
Rich Wild
Senior Web Developer
-------------------------------------------------------
e-mango.com ltd Tel: 01202 587 400
Lansdowne Place Fax: 01202 587 401
17 Holdenhurst Road
Bournemouth Mailto:[EMAIL PROTECTED]
BH8 8EW, UK http://www.e-mango.com
-------------------------------------------------------
This message may contain information which is legally
privileged and/or confidential. If you are not the
intended recipient, you are hereby notified that any
unauthorised disclosure, copying, distribution or use
of this information is strictly prohibited. Such
notification notwithstanding, any comments, opinions,
information or conclusions expressed in this message
are those of the originator, not of e-mango.com ltd,
unless otherwise explicitly and independently indicated
by an authorised representative of e-mango.com ltd.
-------------------------------------------------------
> -----Original Message-----
> From: Phil Costa [mailto:[EMAIL PROTECTED]]
> Sent: 11 July 2001 13:50
> To: CF-Talk
> Subject: Important ColdFusion Security Patch Released Today
>
>
> During a routine internal security audit of Macromedia
> ColdFusion, Macromedia discovered two important security
> issues that affect ColdFusion Server versions 2.0 through
> 4.5.1 SP2.
>
> We have released a Security Bulletin about these issues
> and a patch for ColdFusion Server versions 3.1.1, 4.0, 4.0.1,
> 4.5, 4.5.1 SP1, and 4.5.1 SP2 (all editions).
>
> We are strongly encouraging customers to review the new
> Macromedia Product Security Bulletin (MPSB01-07) and to
> install the patch as quickly as possible. You can find the
> security bulletin and the patch in the Security Zone at:
>
> http://www.allaire.com/security
>
> ~~~~~~~
> MPSB01-07: Macromedia releases patch that addresses
> ColdFusion security issues.
>
> Please note, the security issues DO NOT affect ColdFusion
> Server 5.
>
> As a Web application server vendor, the security of the
> systems our customers deploy is a top priority. Securing
> Web applications, especially those deployed on the Internet,
> is complex and involves a wide range of technologies and
> methodologies from a variety of vendors. Macromedia uses
> the Security Zone in order to better inform our customers
> about security issues that may affect them.
>
> In the Security Zone you will find Security Bulletins that
> explain important issues, technical briefs, and links to
> other resources. In addition, you can subscribe to the
> Security Notification Service in order to receive future
> Security Bulletins when they are published.
>
> We understand how important security is to our customers,
> and we're committed to working to provide a secure platform
> for your Web application development. Thank you for your
> time and consideration on this issue.
>
> - Security Response Team, Macromedia, Inc.
>
> ~~~~
> P.S. As a reminder, Macromedia has set up an e-mail
> address that customers can use to report security issues
> associated with any Macromedia product; that is:
>
> [EMAIL PROTECTED]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
