Potential Denial of Service Problem in Allaire Spectra 1.0
Problem: When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step that indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.
For more information, see Allaire Security Bulletin (ASB00-02): Addressing Potential Denial Of Service Problem With Installation Files In Allaire Spectra 1.0.
Latest ColdFusion Talk (CF-Talk)
- IDE announced: IDE/Compiler Business Model
- Error invoking CFC
- Very basic/simple forum
- Official ColdFusion IDE announced
- URL to open in maximized window state within current window
- Ant build
- Cfdiv not changing when cfselect changes
- client variables log database is huge
- JRun Connector Error
- Net Training & C# for Net training in New Hampshire or N Shore of Mass
Latest ColdFusion Jobs (CF-Jobs)
- Drupal CMS + ColdFusion MX 7 contract - 3 months
- Junior to Mid Level Web Developer (Washington, DC)
- QuillDesign - Looking for Telecommute Part-Time
- ColdFusion Developer in North Jersey Area
- Analysis Service Developer Position OPEN NOW!!
- Business Analyst - Internet / Coldfusion based in London UK
- ColdFusion Developer - Milton Keynes UK (United Kingdom)
- ColdFusion/ActionScript Position (RI) ASAP! 3-4 month contract
- Web Infrastructure and Developer w/ Coldfusion- Columbia, SC
- Coldfusion Developer available
Want a number like 800-ColdFusion?
My Toll Free 800 Number provides a vanity phone number service to clients who want more than just digits. How would you like 800-coldfusion?