Nevermind, Charlie has links (How to lock down the /adminapi, /administrator, and /componentutils directories) in his blog post here http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat
<Ajas Mohammed />
iUseDropbox(http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

On Thu, May 9, 2013 at 9:32 AM, Ajas Mohammed <ajash...@gmail.com> wrote:

> Does anyone have instructions for IIS 6.0?
>
> On Thu, May 9, 2013 at 3:54 AM, Frank Moorman <stretch...@franksdomain.net> wrote:
>
>> All,
>>
>> In case you have not heard... Adobe mentioned this last night...
>>
>> https://www.adobe.com/support/security/advisories/apsa13-03.html
>>
>> Essentially, they believe the exploit is already out there and is actively infecting systems.
>>
>> However, it can be prevented through access controls on the CFIDE admin directories.
>>
>> AFFECTED SOFTWARE VERSIONS
>>
>> ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
>>
>> MITIGATIONS
>>
>> Adobe recommends ColdFusion customers take the following steps to mitigate this vulnerability:
>>
>> - Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf> and ColdFusion 10 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf>
>>
>> - Refer to the ColdFusion 9 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf> and ColdFusion 10 Lockdown Guide <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf> for security best practices and further information on these hardening techniques.
>>
>> This is the first I have heard of the CFIDE/gettingstarted directory, so I am assuming that is only on CF10. Another directory that should be protected but is not mentioned on this exploit (but has been mentioned on others) is the CFIDE/componentutils directory.
>>
>> If needed/desired, I can share some simple .htaccess samples for people that need to protect CF on an Apache server...
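
An added example, not code from this thread or from Adobe's guides: a Python check that scans a web-server access log for requests to the CFIDE directories named above that came from outside an allow-list and were not refused, to confirm the access restriction is actually in effect. The allowed networks, the NCSA common log format, the set of "refused" status codes and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Directories named in the thread: three from the advisory, plus componentutils.
PROTECTED = ("/cfide/administrator", "/cfide/adminapi",
             "/cfide/gettingstarted", "/cfide/componentutils")
# Assumption: only these networks are meant to reach the admin paths.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
# NCSA common log format: client ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
REFUSED = {401, 403, 404}  # assumption: these statuses mean the request was blocked

def is_protected(path):
    """True if the path falls under a protected directory (case-insensitive)."""
    p = unquote(path.split("?", 1)[0])             # drop query, decode %xx
    p = re.sub(r"/+", "/", p).lower().rstrip("/")  # collapse repeated slashes
    return any(p == d or p.startswith(d + "/") for d in PROTECTED)

def is_allowed(client):
    """True only for a literal IP inside ALLOWED_NETS; hostnames count as outside."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETS)

def exposed_requests(lines):
    """Admin-path requests from outside ALLOWED_NETS that were not refused."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if is_protected(path) and not is_allowed(client) and int(status) not in REFUSED:
            findings.append((client, path, int(status)))
    return findings

# Constructed sample log lines (documentation-range addresses, made-up file names).
SAMPLE_LOG = [
    '10.1.2.3 - - [09/May/2013:09:00:01 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/May/2013:09:01:10 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 403 210',
    '198.51.100.9 - - [09/May/2013:09:02:44 -0400] "POST /cfide/adminapi/example.cfc?x=1 HTTP/1.1" 200 64',
    '198.51.100.9 - - [09/May/2013:09:03:02 -0400] "GET /CFIDE//componentutils/ HTTP/1.1" 200 900',
    '203.0.113.7 - - [09/May/2013:09:04:00 -0400] "GET /index.cfm HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for finding in exposed_requests(SAMPLE_LOG):
        print("EXPOSED", *finding)
```

Any line it reports means a client outside the allow-list received something other than a refusal from one of these directories, so the web-server restriction for that path needs rechecking.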