On Tue, Sep 11, 2012 at 7:48 PM, wrote:
i already read tha adobe bulletin, it doesn't really say much.
I doubt you will ever see details and description about any possible attack.
It would be too easy for those looking for ideas...
Publication of details of an attack are pretty common.
perhaps it might help if a few other people got on their case as well,
especially hosts, who will be the main ones who do not like this fix.
On Fri, Sep 14, 2012 at 12:00 PM, David Boyer
dave.cft...@yougeezer.co.ukwrote:
On Tue, Sep 11, 2012 at 7:48 PM, wrote:
i already read tha adobe
being submitted?
Thanks,
Michael
-Original Message-
From: Byron Mann [mailto:byronos...@gmail.com]
Sent: Wednesday, September 12, 2012 12:27 PM
To: cf-talk
Subject: Re: CF DDos update released
I have to agree that this bulletin is really lacking.
There are organizations that just
-
From: Byron Mann [mailto:byronos...@gmail.com]
Sent: Wednesday, September 12, 2012 12:27 PM
To: cf-talk
Subject: Re: CF DDos update released
I have to agree that this bulletin is really lacking.
There are organizations that just cannot do a hot-fix (DFIU), and the
details in this bulletin
On Thu, Sep 13, 2012 at 11:24 AM, Brian Thornton br...@cfdeveloper.comwrote:
It was a field max to limit crsf.. number of fields is limited or allowed
by W3c standards so I strongly doubt that to be changed I this case..
This particular hotfix does not do anything to limit the number of
I'm seeing (the HTTP Error 500) is the expected behavior when CF
intercepts what it deems to be a CSRF attack?
Thanks again for your help.
-Michael
-Original Message-
From: Pete Freitag [mailto:p...@foundeo.com]
Sent: Thursday, September 13, 2012 10:53 AM
To: cf-talk
Subject: Re: CF DDos
and
restarting CF, I'm now able to submit that form successfully.
Thanks in helping me to resolve this situation!
-Michael
-Original Message-
From: Patti, Michael
Sent: Thursday, September 13, 2012 11:28 AM
To: cf-talk
Subject: RE: CF DDos update released
I have the ability to change
: Re: CF DDos update released
On Thu, Sep 13, 2012 at 11:24 AM, Brian Thornton br...@cfdeveloper.com
wrote:
It was a field max to limit crsf.. number of fields is limited or
allowed by W3c standards so I strongly doubt that to be changed I this
case..
This particular hotfix does
On Tue, Sep 11, 2012 at 7:48 PM, wrote:
i already read tha adobe bulletin, it doesn't really say much.
I doubt you will ever see details and description about any possible attack.
It would be too easy for those looking for ideas...
Publication of details of an attack are pretty common.
I have to agree that this bulletin is really lacking.
There are organizations that just cannot do a hot-fix (DFIU), and
the details in this bulletin give us no idea of exposure or a means to
verify if we are at a high risk. There have been Adobe patches in the
past that we have waited to a
also having to edit hundreds or possibly thousands of security sandboxes is
really not acceptable, not to mention the fact that disabling that function
will break many sites, such as those using popular frameworks.
This really isn't a very acceptable solution.
On Wed, Sep 12, 2012 at 6:26 PM,
http://blogs.coldfusion.com/post.cfm/security-hot-fix-for-coldfusion-september-2012
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
anyone seen details of what the vulnerability actually is ?
that is a huge job to update thousands of security sandboxes.
On Tue, Sep 11, 2012 at 7:34 PM, Brian Thornton br...@cfdeveloper.comwrote:
http://blogs.coldfusion.com/post.cfm/security-hot-fix-for-coldfusion-september-2012
Yes...
Form Limit, and another bulletin...
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html
This guy found the problem..
http://misterdai.yougeezer.co.uk/
Kudos to Davd Boyer...
On Tue, Sep 11, 2012 at 2:44 PM, Russ Michaels r...@michaels.me.uk wrote:
anyone
i already read tha adobe bulletin, it doesn't really say much.
On Tue, Sep 11, 2012 at 7:49 PM, Brian Thornton br...@cfdeveloper.comwrote:
Yes...
Form Limit, and another bulletin...
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html
This guy found the
i already read tha adobe bulletin, it doesn't really say much.
I doubt you will ever see details and description about any possible attack.
It would be too easy for those looking for ideas...
~|
Order the Adobe Coldfusion
16 matches
Mail list logo