[10688] in bugtraq
New Allaire Security Bulletin (ASB99-09)
daemon@ATHENA.MIT.EDU (aleph1@UNDERGROUND.ORG)
Tue Jun 1 14:50:45 1999
Content-Type: text/plain
Message-Id: <19990601184535.19905.qmail@underground.org>
Date: Tue, 1 Jun 1999 11:45:35 -0700
Reply-To: aleph1@UNDERGROUND.ORG
From: aleph1@UNDERGROUND.ORG
To: BUGTRAQ@NETSPACE.ORG
Dear Allaire Customer --
We have recently become aware of a serious security vulnerability that may affect
customers using Microsoft Access with ColdFusion. This issue is not a problem with
ColdFusion, but can occur when using some versions of the Microsoft Access ODBC driver.
We have created a new Allaire Security Bulletin that documents this issue and the steps
that customers can take to protect themselves. If you are using Microsoft Access with
your Web applications we strongly recommend that you review this new bulletin:
ASB99-09: Solutions to Issues that Allow Users to Execute Commands through
Microsoft Access
You can find this new bulletin and information about other security issues in the
Allaire Security Zone:
http://www.allaire.com/security
As a Web application platform vendor, one of our highest concerns is the security
of the systems our customers deploy. We understand how important security is to
our customers, and we're committed to providing the technology and information customers
need to build secure Web applications. Allaire has set up an email address that customers
can use to report security issues associated with an Allaire product: secure@allaire.com.
Thank you for your time and consideration on this issue.
-- Allaire Security Response Team
