SecurityTracker.com Archives - Adobe ColdFusion Lets Remote Users Access CFC Methods

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1019806

SecurityTracker URL: http://securitytracker.com/id?1019806

CVE Reference: CVE-2008-1656 (Links to External Site)

Date: Apr 9 2008

Impact: User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Adobe Advisory

Version(s): 8, 8.0.1

Description: A vulnerability was reported in Adobe ColdFusion. A remote user can bypass security controls to access restricted functions.

A remote user can invoke CFC methods via Flex 2 remoting even if the access level is set to 'public'.

Impact: A remote user can access CFC methods.

Solution: The vendor has issued a patch (hf800-71471.zip). Update instructions are included in in TechNote 403328, available at:

http://kb.adobe.com/selfservice/viewContent.do?e xternalId=kb403328&sliceId=1

The vendor's advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb08-12.html

Vendor URL: www.adobe.com/support/security/bulletins/apsb08-12.html (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (OS X), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (Vista), Windows (XP)

Message History: None.

Date: Tue, 8 Apr 2008 20:07:48 -0400
Subject: http://www.adobe.com/support/security/bulletins/apsb08-12.html

 
 
CVE-2008-1656

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC