Thanks Cameron. There were 2 more hotfixes released after this for CF 9.0 (in our case). Looks like hotfix 3 includes 2 as well. So, if someone doesn't apply hf2, he can use hf3 and be up to date, right (with hf2 included)? Am I correct in this assumption? Can someone confirm please?

hf 2 -- http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-2-coldfusion-900.html
hf 3 -- http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-3-coldfusion-900.html

Thanks.

<Ajas Mohammed />
iUseDropbox(http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

On Tue, Apr 9, 2013 at 11:00 AM, Cameron Childress <[email protected]> wrote:

> One more post about this exploit to remind (scare you into) applying the
> hotfix.
>
> http://breenmachine.blogspot.com/2013/03/cool-coldfusion-post-exploitation.html
>
> -Cameron
>
> On Thu, Jan 3, 2013 at 8:50 AM, Cameron Childress <[email protected]> wrote:
>
>> FYI - worth reading up on this.
>>
>> http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat
>>
>> http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat
>>
>> -Cameron
>>
>> --
>> Cameron Childress
>> --
>> p: 678.637.5072
>> im: cameroncf
>> facebook <http://www.facebook.com/cameroncf> |
>> twitter <http://twitter.com/cameronc> |
>> google+ <https://profiles.google.com/u/0/117829379451708140985>
>
> --
> Cameron Childress
> --
> p: 678.637.5072
> im: cameroncf
> facebook <http://www.facebook.com/cameroncf> |
> twitter <http://twitter.com/cameronc> |
> google+ <https://profiles.google.com/u/0/117829379451708140985>
