New Security Bulletin Addresses CFMX Privilege Escalation Vulnerability

Posted By: Cameron Childress | October 11, 2004 4:30PM
Related Categories: ColdFusion

Usually I wouldn't post just because Macromedia released a new security bulletin, but since I mentioned The CFMX Privilege Escalation Vulnerability last Thursday, I think it's worth posting that Macromedia has just posted Security Bulletin MPSB04-10 which specifically addresses this issue.

Comments (2)

Add Comment ]

Sean Corfield Just to point out that following the recommendation in the security bulletin will break nearly all CFC code out there, including Mach II.

A workaround for your own code is to make sure you have an "init()" method that returns "this" and to call that directly with cfinvoke instead of using createObject()...

These two are identical:

cfset foo = createObject("component","MyComponent").init(args)

cfinvoke returnvariable="foo" component="MyComponent" method="init" argumentCollection="#args#"

(angle brackets omitted to avoid comment mangling)

# Posted By Sean Corfield | October 12, 2004 11:16 AM

Saul Rosenfeld Very interesting. HTML is everything these days. Excellent work, well done. This kid is going to be the next big thing.

# Posted By Saul Rosenfeld | October 20, 2004 12:05 AM

Add Comment ]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)





Leave this field empty:

Categories

coldfusion misc user groups standards security technology flex sumo adobe max fitness coworkingatlanta commonspot version control travel svn robots that rock productivity music bluedragon air wireless vpn san diego railo jobs javascript webdirections scalability mysql fusionreactor fusebox etech cfobjective cfeclipse

Recent Posts

Archives By Month