[12059] in bugtraq


Updated Allaire Security Zone Bulletin and Patch Available

daemon@ATHENA.MIT.EDU (Aleph One)
Wed Sep 29 21:34:59 1999

Content-Type: text/plain
Message-Id:  <19990929193347.32509.qmail@underground.org>
Date:         Wed, 29 Sep 1999 12:33:47 -0700
Reply-To: aleph1@UNDERGROUND.ORG
From: Aleph One <aleph1@UNDERGROUND.ORG>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Dear Allaire Customer --

The following Allaire Security Bulletin has been updated
and a ColdFusion Server patch has been made available at the
Allaire Security Zone (http://www.allaire.com/security):

ASB99-10: Addressing Potential Security Issues with Undocumented CFML Tags
and Functions Used in the ColdFusion Administrator (Patch Available)

The updated bulletin and patch address potential security issues with
undocumented CFML tags and functions used in the ColdFusion Administrator
for customers and ISPs hosting multiple ColdFusion 3.12 and 4.01 applications
on a single server machine.

NOTE: If you are not hosting multiple ColdFusion 3.12 and 4.01 applications
on a single server machine, you should not require this patch.

As a Web application platform vendor, one of our highest concerns is the security
of the systems our customers deploy. We understand how important security is to
our customers, and we're committed to providing the technology and information
customers need to build secure Web applications. Thank you for your time and
consideration on this issue.

-- Damon Cooper
Security Response Team Coordinator, Allaire Corporation

P.S. As a reminder, Allaire has set up an email address that customers
can use to report security issues associated with an Allaire product: secure@allaire.com.
