Adobe ColdFusion Lets Remote Users Access CFC Methods
|
|
SecurityTracker Alert ID: 1019806 |
|
SecurityTracker URL: http://securitytracker.com/id/1019806
|
|
CVE Reference:
CVE-2008-1656
(Links to External Site)
|
Date: Apr 9 2008
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8, 8.0.1
|
Description:
A vulnerability was reported in Adobe ColdFusion. A remote user can bypass security controls to access restricted functions.
A remote user can invoke CFC methods via Flex 2 remoting even if the access level is set to 'public'.
|
Impact:
A remote user can access CFC methods.
|
Solution:
The vendor has issued a patch (hf800-71471.zip). Update instructions are included in in TechNote 403328, available at:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403328&sliceId=1
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb08-12.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb08-12.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (OS X), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Apr 2008 20:07:48 -0400
Subject: http://www.adobe.com/support/security/bulletins/apsb08-12.html
|
CVE-2008-1656
|
|
