
coldfusion.alert.txt

17 Aug 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

Security vulnerabilities in ColdFusion Server example applications affecting versions 2.0 and higher.

Code
`Date: Friday, 30 Apr 1999 17:00:00 -0400  
>From: [email protected]  
To: [email protected]  
Subject: ColdFusion Security Alert  
  
***************************************************************  
** Allaire respects the Web and the privacy of those who use  
** it. To avoid future messages from Allaire, send  
** e-mail to [email protected] with the subject: REMOVE  
***************************************************************  
  
  
Dear ColdFusion Customer --  
  
I am writing to notify you of security vulnerabilities exposed by the example  
applications installed with ColdFusion Server documentation in versions 2.0 and  
higher. You may have already heard about these issues in one of the email  
communications that we sent when we first reported them to customers in February  
1999, in the Allaire Security Zone (http://www.allaire.com/security).  
  
PROBLEM  
The example applications installed with the ColdFusion Server documentation expose  
vulnerabilities that include the ability to view, delete, and upload files. These  
issues affect example applications included in ColdFusion Server 2.0 and higher.  
  
SOLUTION  
We strongly recommend you address these issues using one of the solutions below:  
  
1. Remove the documentation directory (CFDOCS) from the server (this will not affect  
functionality of the server). In general, we recommend that you do not install  
sample code, example applications, or documentation on servers accessible on the  
Internet.  
  
  
2. Install the ColdFusion Server 4.0.1 Update, available for download from the  
DevCenter (http://www.allaire.com/developer). (Note the 4.0.1 Update requires  
ColdFusion Server 4.0.)  
  
DETAILED INFORMATION  
More details on these issues and ColdFusion security in general are available in the  
Allaire Security Zone, http://www.allaire.com/security (see bulletins ASB99-01 and  
ASB99-02). We strongly recommend that you take a moment to visit the Security Zone  
to familiarize yourself with ColdFusion security issues.  
  
We first addressed these sample application issues in early February. We are  
contacting customers again because today we received reports of stepped up attacks  
exploiting these vulnerabilities, and we want to ensure that customers take steps to  
protect themselves. We apologize that you may have received this letter late on a  
Friday, but given the importance of this issue, we felt it was necessary to contact  
customers again today.  
  
Thank you again for choosing ColdFusion. We value your commitment and support. If  
you have additional questions please feel free to visit our site or email us at  
[email protected].  
  
Regards,  
Steve Clark  
Vice President of Marketing, Allaire  
  
`
