RE: [cfaussie] Security update: Hotfix available for ColdFusion

2010-08-11 Thread charlie arehart
d it, I'll pass it on. /charlie > -Original Message- > From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf > Of > Steve Onnis > Sent: Wednesday, August 11, 2010 8:22 PM > To: cfaussie@googlegroups.com > Subject: RE: [cfaussie] Securit

Re: [cfaussie] Security update: Hotfix available for ColdFusion

2010-08-11 Thread Dmitry Yakhnov
Procheckup has discovered that the ColdFusion admin console (and various programs within) are vulnerable to multiple directory traversal attacks related to an input parameter. No authentication is needed; all that is needed is that the admin console is accessible to the Internet. *The exploit

Re: [cfaussie] Security update: Hotfix available for ColdFusion

2010-08-11 Thread Kai Koenig
Not to the general public, no. It's a common practice btw (like it or not :-) that vendors don't release the exploit. Cheers, Kai > They couldn't give more information about the actual security issue?? > > -Original Message- > From: Kai Koenig [mailto:k...@koeni.de] > Sent: Thursday,

RE: [cfaussie] Security update: Hotfix available for ColdFusion

2010-08-11 Thread Steve Onnis
They couldn't give more information about the actual security issue?? -Original Message- From: Kai Koenig [mailto:k...@koeni.de] Sent: Thursday, 12 August 2010 8:39 AM To: cfugauckl...@googlegroups.com; cfaussie@googlegroups.com Subject: [cfaussie] Security update: Hotfix available for C