Potential Denial of Service Problem in Allaire Spectra 1.0

Jan 03, 2000

Problem: When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step that indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.

For more information, see Allaire Security Bulletin (ASB00-02): Addressing Potential Denial Of Service Problem With Installation Files In Allaire Spectra 1.0.

Latest ColdFusion Talk (CF-Talk)

JSON object error
Old ColdFusion doc needs to learn new Java tricks
Easy Regex question?
session variable timeout
using name of query in QofQ form custom tag
Development Apps - Does anyone use homesite still?
Need Ajax Combobox
can't figure out cfc error
onsessionstart not being called with j2ee session variables
Has anyone created a website keyword ranking app with ColdFusion?

Latest ColdFusion Jobs (CF-Jobs)

Coldfusion / Flex Developer
Coldfusion Developer for Arlington, VA
ColdFusion Software Engineer - Stamford, CT
Junior ColdFusion Position
Senior ColdFusion Guru in DC metro area
Expert needed for Coldfusion Performance Tuning
Web Developer (Enterprise Consulting Services) - Boston, MA
Certified ColdFusion Developer with 9 years experience available for telecommuting work
Senior Coldfusion Developer (Boston)
Previous Post (Sr ColdFusion Engineer) job location: Woburn, MA

Want a number like 800-ColdFusion?

My Toll Free 800 Number provides a vanity phone number service to clients who want more than just digits. How would you like 800-coldfusion?