Sicherheitslücke in CF

by kai on 19/09/2003

MPSB03-06 Security Patch available for ColdFusion MX/ColdFusion cross-site scripting vulnerability with default error handlers


ColdFusionMX Web Sites that use the default ColdFusionMX Site-Wide Error Handler page or the default ColdFusionMX Missing Template Handler page may be susceptible to a cross-site scripting attack using the HTTP Referer[sic] header field.

ColdFusion 5.0 and earlier versions are not at risk for this attack with the default Missing Template Handler.

ColdFusion 5.0 and earlier versions are at risk with the default Error Handler page if no page is specified.

Ausführliche Beschreibung

Comments on this entry are closed.

Previous post:

Next post: