[11189] in bugtraq
New Allaire Security Zone Bulletins and KB Article
daemon@ATHENA.MIT.EDU (aleph1@UNDERGROUND.ORG)
Fri Jul 30 01:11:22 1999
Content-Type: text/plain
Message-Id: <19990729224002.25456.qmail@underground.org>
Date: Thu, 29 Jul 1999 15:40:02 -0700
Reply-To: aleph1@UNDERGROUND.ORG
From: aleph1@UNDERGROUND.ORG
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Dear Allaire Customer --
Several new security issues that may affect ColdFusion customers have come
to our attention recently. Please visit the Security Zone at the Allaire Web site
to learn about these new issues and what actions you can take to address them:
http://www.allaire.com/security
This week we posted the following new or recently updated Allaire Security Bulletins
and Knowledge Base Articles:
ADDED:
ASB99-11: Solutions to Issues that Allow Users to Execute Commands on NT Servers
through MDAC RDS
ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags and
Functions Used in the ColdFusion Administrator
Article 11712: Security Best Practice: Disabling ColdFusion RDS
As a Web application platform vendor, one of our highest concerns is the security
of the systems our customers deploy. We understand how important security is to our
customers, and we're committed to providing the technology and information customers
need to build secure Web applications. Thank you for your time and consideration on
this issue.
-- Damon Cooper
Security Response Team Coordinator, Allaire Corporation
P.S. As a reminder, Allaire has set up an email address that customers can use to
report security issues associated with an Allaire product: secure@allaire.com.
