[13228] in bugtraq
New Allaire Security Zone Bulletins and KB Article
daemon@ATHENA.MIT.EDU (Aleph One)
Wed Jan 5 00:07:50 2000
Content-Type: text/plain
Message-Id: <20000105024545.25297.qmail@underground.org>
Date: Tue, 4 Jan 2000 18:45:45 -0800
Reply-To: aleph1@UNDERGROUND.ORG
From: Aleph One <aleph1@UNDERGROUND.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Dear Allaire Customer --
Several new security issues that may affect ColdFusion customers have come to our attention recently. Please visit the Security Zone at the Allaire Web site to learn about these new issues and what actions you can take to address them:
<http://www.allaire.com/security>
This week we posted the following new or recently updated Allaire Security Bulletins and an updated ColdFusion 4.0x CFCACHE tag:
ADDED:
ASB00-01: Enhancing Authenticated Webtop User Security in Allaire Spectra 1.0
ASB00-02: Addressing Potential Denial Of Service Problem With Installation Files In Allaire Spectra 1.0
ASB00-03: Patch Available For Potential Information Exposure By The CFCACHE Tag
As a Web application platform vendor, one of our highest concerns is the security of the systems our customers deploy. We understand how important security is to our customers, and we're committed to providing the technology and information customers need to build secure Web applications. Thank you for your time and consideration on this issue.
-- Security Response Team, Allaire Corporation
P.S. As a reminder, Allaire has set up an email address that customers can use to report security issues associated with an Allaire product: secure@allaire.com.
Allaire's Privacy Policy
=-=-=-=-=-=-=-=-=-=-=-=-
Allaire respects the Web and the privacy of those who use it. We do not rent or sell our mailing list to anyone. Only Allaire or one of our authorized partners or resellers will contact you in regards to Allaire products or related services. You may request at any time to be removed from our email list by sending an email to remove@allaire.com with the subject "REMOVE."
You can see the full text of our Privacy Policy at: http://www.allaire.com/privacy
=========================================
