Server Product ColdFusion Version 9,0,0,251028 Edition Enterprise Operating System Windows 2003 OS Version 5.2 Adobe Driver Version 4.0 (Build 0005) JVM Details Java Version 1.6.0_14 Java Vendor Sun Microsystems Inc. Java Vendor URL http://java.sun.com/ Java Home C:\ColdFusion9\runtime\jre C:\ColdFusion9\lib\updates has 0 updates. I remember, I applied the directory traversal vulnerability update http://www.adobe.com/support/security/bulletins/apsb10-18.html .
*Vulnerability identifier:* APSB10-18 *CVE number:* CVE-2010-2861 You were referring to these CF hotfixes right? COLDFUSION Version 9 Brief Originally Posted Last Updated *APSB12-15<http://www.adobe.com/support/security/bulletins/apsb12-15.html> * Security update: Hotfix available for ColdFusion 9.0.1 and earlier<http://www.adobe.com/support/security/bulletins/apsb12-15.html> 6/12/2012 6/12/2012 *APSB12-06<http://www.adobe.com/support/security/bulletins/apsb12-06.html> * Security update: Hotfix available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb12-06.html> 3/13/2012 3/13/2012 *APSB11-29<http://www.adobe.com/support/security/bulletins/apsb11-29.html> * Security update: Hotfix available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-29.html> 12/13/2011 12/13/2011 *APSB11-14<http://www.adobe.com/support/security/bulletins/apsb11-14.html> * Security update: Hotfix available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-14.html> 6/14/2011 6/14/2011 *APSB11-04 <http://www.adobe.com/support/security/bulletins/apsb11-04.html> *Security update: Hotfix available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-04.html> 2/8/2011 3/7/2011 *APSB10-18<http://www.adobe.com/support/security/bulletins/apsb10-18.html> * Security update: Hotfix available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb10-18.html> 8/10/2010 8/11/2010 *APSB10-11<http://www.adobe.com/support/security/bulletins/apsb10-11.html> * Security update: Hotfixes available for ColdFusion<http://www.adobe.com/support/security/bulletins/apsb10-11.html> 5/11/2010 5/11/2010 *APSB10-05<http://www.adobe.com/support/security/bulletins/apsb10-05.html> * Security update available for BlazeDS<http://www.adobe.com/support/security/bulletins/apsb10-05.html> 2/11/2010 3/5/2010 *APSB10-04<http://www.adobe.com/support/security/bulletins/apsb10-04.html> * Solution available for potential ColdFusion information disclosure issue<http://www.adobe.com/support/security/bulletins/apsb10-04.html> 1/29/2010 1/29/2010 <Ajas Mohammed /> iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Mon, Aug 20, 2012 at 12:39 PM, Charlie Arehart <[email protected]>wrote: > Odd, indeed. I can’t recall: what version of CF was this (including point > release)? And would you say you have all CF hotfixes? (Not judged just by > the CF Admin system info page, but by looking at what’s in the lib\updates > dir.)**** > > ** ** > > /charlie**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Ajas > Mohammed > *Sent:* Monday, August 20, 2012 12:13 PM > > *To:* [email protected] > *Subject:* Re: [ACFUG Discuss] CFC path - bind autosuggest issue**** > > ** ** > > Charlie, > > > The code is ONLY IN external server webroot. We dont have anything in CF > wwwroot. But that was good suggestion. Its possible especially when you > explain "shadow" page logic. > > Also, no one is creating subdirectory structure that matches external web > server root. > > This one is weirdest of things I have ever seen because code works for > days and suddenly one day we start getting XYZ/Employee.cfc not found. > > <Ajas Mohammed /> **** > > ** ** > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- >
