Just to note, this only need to be applied on JRun installs (J2EE) and not server config out of the box with CFMXU3.
-----Original Message----- From: Stephen Moretti [mailto:[EMAIL PROTECTED] Sent: 09 July 2003 09:36 To: CFDeveloper Dev List Subject: [ cf-dev ] MM Security Bulletin MPSB03-04 - Patch available for Apache 1.3.x, 2.0 view source vulnerability in ColdFusion MX and JRun 4.0 on Windows Originally Posted: July 8, 2003 ~~~~~~~ SUMMARY ColdFusion MX and JRun 4.0 will show source code while browsing .cfm, .cfc,.cfml (ColdFusion MX) or .jsp (JRun) pages if the user appends an encoded space to the end of a URL. This vulnerability only affects Apache 1.3.x and 2.x versions on Windows platforms. http://www.macromedia.com/devnet/security/security_zone/mpsb03-04.html -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
