Patch Available for CFCACHE Tag Potential Exploit
Released: January 4, 2000
This bug concerns ColdFusion 4.0x users.
Problem: The CFCACHE tag, which performs template caching to increase page delivery performance, creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory, making information about the web document directory structure or URL parameters used to call site pages accessible.
Solution: Allaire has released a new version of the CFCACHE tag (also available in ColdFusion 4.5) that allows users to specify a non-web document directory to store the temporary file, making them inaccessible to browsers.
For more information, see Allaire Security Bulletin (ASB00-03)
Latest ColdFusion Talk (CF-Talk)
- making functions global in model glue
- form collection
- multiple select drop down box and oracle dates
- Form slowness inexplicable
- fusebox vs model glue
- Query of Queries error
- Setting a default value
- Javascript in CFC
- CF7 ENT => CF8, CFReport Font size issues
- How to access files on an ftp url that doesn't allow direct ftp access?
Latest ColdFusion Jobs (CF-Jobs)
- Coldfusion Web Developer - Natick, MA
- Need Remote LAMP or WIMP or ColdFusion Work
- ColdFusion Developers/Arlington, Virginia/Direct
- ColdFusion MX Developers Needed in NYC!
- Seasoned ColdFusion Developer Available
- Available:Sr ColdFusion Developer
- Mid Lvl ColdFusion Developer - Phoenix, AZ
- ColdFusion Developer - Knoxville, TN
- ColdFusion Positions in TX and SC!!! Immediate!
- Coldfusion Developer available
