This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

No Comments

Server Updated

Professional, Technology Comments (0)

We’re a Macromedia, um, an Adobe shop around here because we just love ColdFusion.

So, while doing some morning reading at the Internet News Blog, I came across an eWeek story which linked, in turn to a security hotfix announcement: Macromedia – MPSB05-12 : Sandbox Security and CFMAIL Vulnerability in ColdFusion MX 6.X

One of the issues dealt with is a CFMAIL vulnerability:

An application written to use the CFMAIL tag could be used to attach arbitrary files and send mail with any content. This is due to weak input validation in the “Subject” field.

Well, we use CFMAIL extensively at the Stitchery Mall, so I figured that this is important enough to drop everything and fix.

It was an easy enough fix. Total time the ColdFusion server was stopped amounted to 7 minutes. The system is now back up and running. Carol has tested the CFMAIL scripts and they appear to still be working.

All in all, not too bad.

MickC @ December 19, 2005

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

More articles

Previous:
Next: