Actually, it's a Microsoft IIS 3 & 4 security hole and affects all .cfm and
all .asp files on servers that aren't patched.
Todd Ashworth
----- Original Message -----
From: "Douglas M. Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 04, 2000 12:57 PM
Subject: RE: Security considerations with index.cfm
| Hi Bert,
|
| Thanks for letting us know about this security hole in FuseBox.
|
| Do you know if this "+htr" bug a feature of CF server in general or
FuseBox code in particular?
|
| I am guessing that it is probably related to using the
thistag.generatedcontent in the <CF_BODYCONTENT> tag. But a lot of CF web
sites use this feature of CF. If so, it probably should be considered a
general CF security hole.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
