DriverHeaven Extreme Member
Join Date: Apr 2004
Posts: 7,275
Rep Power: 89
ColdFusion Holes Allow Security Bypass, Info Exposure
Flaws have been found in multiple versions of Adobe Systems Inc.'s Macromedia ColdFusion that could allow remote or local attackers to bypass security restrictions. Malicious local users can also disclose potentially sensitive information, according to a Secunia Inc. advisory.
One of the flaws, which Secunia has dubbed moderately critical, is in the Sandbox Security function. It fails silently without giving an exception when ColdFusion is running on a JRun 4 cluster member with the Java SecurityManager disabled. According to the alert, this could allow the bypass of some security controls in applications that rely on Sandbox Security.

Another flaw has to do with an input validation error when handling the "Subject" field of the CFMAIL tag. The flaw "can be exploited in an application that uses the tag to attach arbitrary files and send mails with any content," according to Secunia's advisory.

Source: Yahoo! News