RE: ColdFusion tags turned off!

Mon, 17 Sep 2001 12:25:56 -0700 

Joe

Most hosting companies that I have used have those tags disabled. There is
the possibility that an individual could use these tags maliciously.

Steve Black
Corporate Web Engineering
GetThere a Sabre Company
2975 Regent Blvd.
Irving, TX 75063




-----Original Message-----
From: Joe Kelly [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 14, 2001 3:56 PM
To: DFWCFUG
Subject: Fw: ColdFusion tags turned off!


Has anyone heard of this problem?  We are using a hosting company - CF 4.5.
How do I respond to this?  Is this real and if so, are there any fixes?  It
won't be easy for us/me to switch companies.

Thanks,
Joe Kelly
[EMAIL PROTECTED]

Sent: Friday, September 14, 2001 11:18 AM
Subject: RE: ColdFusion tags turned off!


> I actually cannot.  This is a HUGE security hole.  One of our customer
> showed us how do delete files from the winnt/system32 directory using
> these tags turned on.
>
> Ric.
>
> Subject: ColdFusion tags turned off!
>
> Ric,
>
> Can you enable the all the tags in the Basic Security section of the
> ColdFusion Administrator for our box.  Apparently, they got turned off,
> disabling some of our applications.
>
>  <<...>> Enable CFCONTENT tag
>  <<...>> Enable CFDIRECTORY tag
>  <<...>> Enable CFFILE tag
>  <<...>> Enable CFOBJECT tag
>  <<...>> Enable CFREGISTRY tag
> I am most concerned about CFFILE.
>
> Thank You,
> Joe Kelly
> Director of Web Site Development Services
>
>
>
>


-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com

-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org

-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com

-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org

Reply via email to