> There is a potential workaround if what I'm seeing is true. Have
> your webserver block any HTTP method other than get and post. If
> your webserver can do that, you should be safe. I'll say more later.

The only methods you'd want to block are PUT and DELETE, I think; you'd want
to allow GET, POST, HEAD and TRACE. I don't think this has anything to do
with the current vulnerability, though.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444