MPSB03-06 Security Patch available for ColdFusion MX/ColdFusion cross-site scripting vulnerability with default error handlers
Summary
ColdFusionMX Web Sites that use the default ColdFusionMX Site-Wide Error Handler page or the default ColdFusionMX Missing Template Handler page may be susceptible to a cross-site scripting attack using the HTTP Referer[sic] header field.
ColdFusion 5.0 and earlier versions are not at risk for this attack with the default Missing Template Handler.
ColdFusion 5.0 and earlier versions are at risk with the default Error Handler page if no page is specified.
Comments on this entry are closed.