From LOW to PWNED [2] ColdFusion
no patches exist for 6 7 so if you see CF6 or CF7 its always vuln to the bug http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350827 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: From LOW to PWNED [2] ColdFusion
Where precisely is the download for the fix to this vulnerability? nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] On Tue, Apr 24, 2012 at 2:22 AM, John M Bliss bliss.j...@gmail.com wrote: no patches exist for 6 7 so if you see CF6 or CF7 its always vuln to the bug http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350828 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: From LOW to PWNED [2] ColdFusion
http://www.adobe.com/support/coldfusion/downloads_updates.html On Tue, Apr 24, 2012 at 10:04 AM, Nathan Strutz str...@gmail.com wrote: Where precisely is the download for the fix to this vulnerability? nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] On Tue, Apr 24, 2012 at 2:22 AM, John M Bliss bliss.j...@gmail.com wrote: no patches exist for 6 7 so if you see CF6 or CF7 its always vuln to the bug http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350829 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: From LOW to PWNED [2] ColdFusion
Oh ok I didn't see that they actually changed CF8's CHF (cumulative hot fix) 4 to include the fix. Does that mean many people may need to reapply that hotfix? And CF9, same for CHF 2 I think. nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] On Tue, Apr 24, 2012 at 8:06 AM, John M Bliss bliss.j...@gmail.com wrote: http://www.adobe.com/support/coldfusion/downloads_updates.html On Tue, Apr 24, 2012 at 10:04 AM, Nathan Strutz str...@gmail.com wrote: Where precisely is the download for the fix to this vulnerability? nathan strutz [www.dopefly.com] [hi.im/nathanstrutz] [about.me/nathanstrutz] On Tue, Apr 24, 2012 at 2:22 AM, John M Bliss bliss.j...@gmail.com wrote: no patches exist for 6 7 so if you see CF6 or CF7 its always vuln to the bug http://carnal0wnage.attackresearch.com/2012/04/from-low-to-pwned-2-coldfusion.html -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350830 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm