Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox Escaping Vulnerability
Solution:
Macromedia has made the following fix information available:

Download the security update patches from the locations specified below.

This patch is only required in the following circumstances, which are usually confined to ColdFusion MX hosting providers and similar ColdFusion MX installations. You should apply the patch if both the following are true:

1. ColdFusion MX Enterprise Edition Sandbox Security is used
2. ColdFusion templates supplied by untrusted sources are to be executed

This patch will cause the "execute" permission in the Files/Dirs panel of Sandbox Security to control access via the CFInclude and CFModule tags. ColdFusion Custom Tags can still be executed from the Custom Tags directories specified in ColdFusion Administrator, regardless of Sandbox Security permissions.

To install this patch:

1. Ensure that ColdFusion MX with Updater 2 is running
2. Stop ColdFusion MX
3. Create the directory
   Unix: {cf_root}/runtime/servers/lib
   Windows: {cf_root}\runtime\servers\lib
4. Copy the file 48718.jar to the new directory
5. Restart ColdFusion MX

This will be fixed in the next ColdFusion MX updater after January 1, 2003. Remember to remove the 48718.jar file when this updater is installed.

NOTE: Back up your existing files before making changes. As always, test the changes in a non-production environment before applying the changes to production servers.

Additionally, Macromedia has made fixes available:

Macromedia ColdFusion Server MX Enterprise