Potential Denial of Service Problem in Allaire Spectra 1.0

 
Jan 03, 2000

Problem: When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step that indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.

For more information, see Allaire Security Bulletin (ASB00-02): Addressing Potential Denial Of Service Problem With Installation Files In Allaire Spectra 1.0.

Add a Comment
(If you subscribe, any new posts to this thread will be sent to your email address.)
  
Privacy | FAQ | Site Map | About | Guidelines | Contact | Advertising | What is ColdFusion?
House of Fusion | ColdFusion Jobs | Blog of Fusion | AHP Hosting