Bugtraq mailing list archives
Updated Allaire Security Zone Bulletin and Patch Available
From: aleph1 () UNDERGROUND ORG (Aleph One)
Date: Wed, 29 Sep 1999 12:33:47 -0700
Dear Allaire Customer --

The following Allaire Security Bulletin has been updated and a ColdFusion Server patch has been made available at the Allaire Security Zone (http://www.allaire.com/security):

ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags and Functions Used in the ColdFusion Administrator (Patch Available)

The updated bulletin and patch address potential security issues with undocumented CFML tags and functions used in the ColdFusion Administrator for customers and ISPs hosting multiple ColdFusion 3.12 and 4.01 applications on a single server machine.

NOTE: If you are not hosting multiple ColdFusion 3.12 and 4.01 applications on a single server machine, you should not require this patch.

As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications.

Thank you for your time and consideration on this issue.

-- Damon Cooper
Security Response Team Coordinator, Allaire Corporation

P.S. As a reminder, Allaire has set up an email address that customers can use to report security issues associated with an Allaire product: secure () allaire com.