Allaire Spectra 1.0 Webtop Vulnerability

Solution:
Quoted directly from the Allaire bulletin (referenced in its entirety in the credits section):

Customers should add the missing line of code to the application settings
file for the Webtop. To do this:

1. Open the file webroot/Allaire/spectra/webtop/application.cfm
2. Add the following line directly under the application initialize section:

<cfset request.cfa.security.bIsSecure = 1>

Your code should then look like this:

. . .
<!--- initialize the webtop --->
<cfa_applicationInitialize
applicationID="088E7FE8-2AA3-11D3-AD400060B0EB2994"
bActiveApp="1"
bActiveLog="1"
sessionmanagement="Yes"
sessiontimeout="30"
mode="design">

<cfset request.cfa.security.bIsSecure = 1>
. . .

3. Save the file and your Webtop security settings will work correctly.

Note that if you have the ColdFusion "Trusted Cache" option enabled in the
ColdFusion Administrator, you will need to turn it off, reload any Webtop
section, then turn the "Trusted Cache" option on again for the change to
take effect. Restarting the ColdFusion Server will also cause the change to
take effect.
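
To confirm the fix is in place, the following added example (not part of the Allaire bulletin or the original advisory) checks an application.cfm for an active bIsSecure assignment after the cfa_applicationInitialize tag. The function name, status strings and sample inputs are constructed for illustration, and nested CFML comments are assumed not to occur.

```python
import re
import sys

# CFML comments use three dashes; nested comments are not handled (assumption).
CF_COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
INIT_TAG = re.compile(r"<cfa_applicationInitialize\b[^>]*>", re.IGNORECASE)
SECURE_SET = re.compile(
    r"<cfset\s+request\.cfa\.security\.bIsSecure\s*=\s*([^\s>]+)\s*>",
    re.IGNORECASE,
)

def check_webtop_config(source: str) -> str:
    """Return 'ok', 'missing', 'wrong-value' or 'no-init-tag'."""
    active = CF_COMMENT.sub("", source)  # commented-out code does not count
    init = INIT_TAG.search(active)
    if init is None:
        return "no-init-tag"
    # Only assignments after the initialize tag count; the last one wins.
    values = SECURE_SET.findall(active, init.end())
    if not values:
        return "missing"
    return "ok" if values[-1].strip("\"'") == "1" else "wrong-value"

# Constructed sample inputs, built from the snippet shown in the bulletin.
INIT = '''<!--- initialize the webtop --->
<cfa_applicationInitialize
applicationID="088E7FE8-2AA3-11D3-AD400060B0EB2994"
bActiveApp="1"
bActiveLog="1"
sessionmanagement="Yes"
sessiontimeout="30"
mode="design">
'''
FIX = "<cfset request.cfa.security.bIsSecure = 1>\n"
SAMPLES = {
    "patched": INIT + "\n" + FIX,
    "unpatched": INIT,
    "commented-out": INIT + "<!--- " + FIX + " --->\n",
    "fix-before-init": FIX + INIT,
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file given on the command line
        with open(sys.argv[1], encoding="latin-1") as fh:
            print(sys.argv[1], check_webtop_config(fh.read()))
    else:
        for name, text in SAMPLES.items():
            print(name, check_webtop_config(text))
```

The check only inspects the file on disk; with "Trusted Cache" enabled, the running server may still be using the old template until the cache is refreshed as described above.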

Copyright 2010, SecurityFocus