Prev: Symlink Issue
Next: Fixed Width Export
From: SilentBob'secretfusion on 14 Apr 2008 11:21
Does anyone know if this effects Coldfusion 7?

Thanks.
_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1656

Title : Adobe ColdFusion CFC Methods Access Level Bypass Vulnerability
Advisory ID : FrSIRT/ADV-2008-1157
CVE ID : CVE-2008-1656
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-04-09



Advisory Details

Description
Affected Products
Solution
References
Technical Description Receive FrSIRT alerts in a Text format Receive
FrSIRT alerts in a PDF format Receive FrSIRT alerts in an XML format
Receive FrSIRT notifications by SMS

A vulnerability has been identified in Adobe ColdFusion, which could be
exploited by attackers to bypass security restrictions. This issue is caused by
an error in the CFC methods that can be invoked from Flex 2 remoting even if
the access level is set to "public", which could be exploited by a malicious
user to access functions not intended for remote use by the developer.

 | 
Pages: 1
Prev: Symlink Issue
Next: Fixed Width Export