Thanks Guys. I would have been unaware of this had it not been for the cfaussie list.
Is there an official announcements list I can join? Regards, Andrew. On Aug 12, 10:52 am, "charlie arehart" <charlie_li...@carehart.org> wrote: > Well, no, because that would then expose to bad guys how they could use the > vulnerability for ill. > > Really, every shop should apply it, but as it notes, the key is an exposure > via the CF > Admin, so if you have your CF Admin available to the public, you're > vulnerable. If you > require web server authentication, or have IP restrictions, etc, that > certainly limits > your exposure, but really, everyone should apply the fix. (To be clear, it's > NOT > enough that your Admin requires a password as defined within the CF Admin!) > > I will say this, Pete Frietag has said he will be updating his HackMyCF > service to > check for this vulnerability, which will be the best way for people to check > (without > the exploit being exposed). It's a FREE web-based service where you point it > to your > site, it runs its checks, and emails you a report. More at hackmycf.com. If I > hear > that he has updated it, I'll pass it on. > > /charlie > > > > > -----Original Message----- > > From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On > > Behalf Of > > Steve Onnis > > Sent: Wednesday, August 11, 2010 8:22 PM > > To: cfaussie@googlegroups.com > > Subject: RE: [cfaussie] Security update: Hotfix available for ColdFusion > > > They couldn't give more information about the actual security issue?? > > > -----Original Message----- > > From: Kai Koenig [mailto:k...@koeni.de] > > Sent: Thursday, 12 August 2010 8:39 AM > > To: cfugauckl...@googlegroups.com; cfaussie@googlegroups.com > > Subject: [cfaussie] Security update: Hotfix available for ColdFusion > > > Sorry for the crosspost to the NZ and AU lists, but you might want to > > install this one rather sooner than later: > > >http://www.adobe.com/support/security/bulletins/apsb10-18.html > > > Cheers > > Kai > > > -- > > Kai Koenig - Ventego Creative Ltd > > ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117 > > web:http://www.ventego-creative.co.nz > > blog:http://www.bloginblack.de > > twitter:http://www.twitter.com/agentK > > -- > > > -- > > You received this message because you are subscribed to the Google Groups > > "cfaussie" group. > > To post to this group, send email to cfaus...@googlegroups.com. > > To unsubscribe from this group, send email to > > cfaussie+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/cfaussie?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "cfaussie" group. > > To post to this group, send email to cfaus...@googlegroups.com. > > To unsubscribe from this group, send email to > > cfaussie+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaus...@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
