Bugtraq mailing list archives
New Cold Fusion vulnerability
From: "Jean-Francois Prieur" <jfp51 () ebeing com>
Date: Thu, 12 Jul 2001 04:39:29 -0400
Hello,

Like others I have seen the security advisory concerning Cold Fusion versions 2 to 4.5.1 SP2. What concerns me, and, evidently, others on the cold fusion boards, is the lack of details about this vulnerability. Usually, you would see a serious vulnerability like this being discussed on some mailing lists a few hours before a bulletin being issued, yet in this case, nothing. Maybe we are just paranoid, but since Allaire/Macromedia just released version 5 which is not vulnerable, is this just a ploy to get people to upgrade? This and the fact that there is a 3-8% performance degradation when you install the patch makes me want to know more about this. Also, if you are using NT4 and IIS, the patch breaks your server if you don't install MSVCRT 6.0 runtime files beforehand, so be careful.

Anyone have any further info?

Thanks,
JF Prieur